Windows also has a nnice little annoying feature that so far I haven't found how to turn off called Data Execution Prevention or DEP for short since XP SP2. There is use for UAC but any somewhat knowledgable user shouldn't need it for what service it provides. Spyware and trojans and virus are all things better not let onto the computer to begin with. I agree that a lot of users pcs do become infected by some of their downloading habits but it's not 99% like an unknowing user would suspect it might be. The majority of trojans a user finds online is in web surfing and most trojans won't trigger UAC because they don't install anything. They will modify a registry setting now n then but I've never seen modding a reg setting set off UAC either. And for the record any user who thinks they've never had a problem with a trojan or a "hack" or attack is most likely using an infected machine at the time of making that statement. If you've never had an issue it was because you didn't know it when it happened, just nothing told you it was happening so you assumed it didn't. I have used hightened security on a pc to the point it made a good machine come to a crawl. I have seen some webpages I would never have thought would allow spyware and trojans linked to their site be crawling with them. Embedded in banner ads and shortcut links, or downloaded from the webpage into cache in something you totally couldn't see without going through your cache.