The first thing people wonder about when first considering trying out 7 after having been running Vista for the last 2yrs. A brief description of the changes seen in 7 goes as follows.
"What's Different in Windows 7
I mentioned some of the operations in Windows 7 that can now be performed by standard users, but as the E7 blog post on UAC explains, we also recognized that we could make the Windows experience smoother without sacrificing UAC's goals. Many users complained about the fact that Windows Vista itself frequently asks for administrative rights when they perform common system management operations. It's in our best interest, because it's in the interest of our customers, to make Windows work well for standard user environments. However, elevation prompts don't educate or encourage us to do so, but they do force users to click a second time through a dialog that the vast majority of users don't read. Windows 7, therefore, set out to minimize those prompts from the default Windows experience and enable users that run as administrators to control their prompting experience."
That was extract from the July Technet magazine seen at User Account Control: Inside Windows 7 User Account Control
Another section goes into details on...
"Elevations and Malware Security
The primary goal of UAC is to enable more users to run with standard user rights. However, one of UAC's technologies looks and smells like a security feature: the consent prompt. Many people believed that the fact that software has to ask the user to grant it administrative rights means that they can prevent malware from gaining administrative rights. Besides the visual implication that a prompt is a gateway to administrative rights for just the operation it describes, the switch to a different desktop for the elevation dialog and the use of the Windows Integrity Mechanism, including User Interface Privilege Isolation (UIPI), seem to reinforce that belief.
stated since before the launch of Windows Vista, the primary purpose of elevation is not security, though, it's convenience: if users had to switch accounts to perform administrative operations, either by logging into or Fast User Switching to an administrative account, most users would switch once and not switch back. There would be no progress changing the environment that application developers design for. So what are the secure desktop and Windows Integrity Mechanism for?
The main reason for the switch to a different desktop for the prompt is that standard user software cannot "spoof" the elevation prompt, for example, by drawing on top of the publisher name on the dialog to fool a user into thinking that Microsoft or another software vendor is generating the prompt instead of them. The alternate desktop is called a "secure desktop," because it's owned by the system rather than the user, just like the desktop upon which the system displays the Windows logon dialog.
The use of another desktop also has an important application compatibility purpose: while built-in accessibility software, like the On Screen Keyboard, works well on a desktop that's running applications owned by different users, there is third-party software that does not. That software won't work properly when an elevation dialog, which is owned by the local system account, is displayed on the desktop owned by a user.
The Windows Integrity Mechanism and UIPI were designed to create a protective barrier around elevated applications. One of its original goals was to prevent software developers from taking shortcuts and leveraging already-elevated applications to accomplish administrative tasks. An application running with standard user rights cannot send synthetic mouse or keyboard inputs into an elevated application to make it do its bidding or inject code into an elevated application to perform administrative operations.
Windows Integrity Mechanism and UIPI were used in Windows Vista for Protected Mode Internet Explorer, which makes it more difficult for malware that infects a running instance of IE to modify user account settings, for example, to configure itself to start every time the user logs on. While it was an early design goal of Windows Vista to use elevations with the secure desktop, Windows Integrity Mechanism, and UIPI to create an impermeable barrier—called a security boundary—between software running with standard user rights and administrative rights, two reasons prevented that goal from being achieved, and it was subsequently dropped: usability and application compatibility."
The article also explains the intended goals of the UAC first seen in Vista.
(Technet archives found at http://www.microsoft.com/technet/abo...e/default.mspx