Of course, User Account Control has the potential to help protect against unauthorized changes to the system, as intended. But the question I throw open for discussion is whether it does that in practical situations. There are various scenarios and arguments that can undermine or short-circuit its effectiveness: Its constant pop-up warnings requiring user authorization soon become highly annoying. In my case, even trying to scan a file with my resident AV causes UAC to prompt me for authorization “of this program making changes to your system”. Well, that’s what I got it for. And on many occasions it won’t allow me to rename or move my own files without such authorization. As a result, one is tempted to downgrade UAC’s security level. Or even turn it off altogether. If he keeps it, he soon acquires the habit of clicking on authorization automatically, without really thinking. To those who think it’s foolish to disable this valuable protection mechanism, I point out that my XP didn’t have it in the first place. And though XP is considered (far) less secure than Windows 10, I never had a problem. So why should I now have to put up with this annoyance? Now, I just presented one side of the argument, others would defend the opposite.
You find UAC annoying to just click a button, try Linux with the sudo this and sudo that. Also security is largely dependent on the user.
The main purpose of UAC is to make the user aware of changes, and what he is doing. That is all. It is really there to be annoying.
What is a malicious program? Does it change your browser settings? Does it phone home and track you? Does it put advertising onto your pc? Is it Windows 10?