"UAC and their underlying technology, "integrity levels", were not intended to guarantee that processes with higher privileges are protected from compromise by lower-level privileges, but rather as a way of changing the way Windows software is developed, Russinovich said in a February blog post.

'If you aren't guaranteed that your elevated processes aren't susceptible to compromise by those running at a lower IL, why did Windows Vista go to the trouble of introducing elevations and ILs? To get us to a world where everyone runs as standard user by default and all software is written with that assumption,' he wrote.

Microsoft's drive is to get users off of administrative accounts and onto those with limited privileges, even if the new arrangement isn't water-tight from a security point of view, Russinovich said."