Insecure by Design
"...because users are idiots who run every "lolcat.jpg.exe" they get in the mail, with admin privileges, and then click OK/YES on every warning that pops up without reading? That's the attack method I mostly see around, and there's not much the OS can do about it."
If Windows users weren't *required* to run with admin privileges, then they quite simply wouldn't be able to damage the entire OS through their stupid clicking.
If Windows apps didn't install themselves into the OS system folder, often overwriting the original DLLs in the process, and then go on to run with full system privileges, then dodgy apps couldn't damage the OS.
If the Windows designers had had even the tiniest understanding of the need to partition users from apps from the OS, then these things would rarely, if ever, happen.
"What it boils down to is that the application may add portions of itself to the operating system. (This is one of the reasons why Windows needs to be rebooted after an application has been installed or changed.) That means that the installation procedure introduces third-party code (read: uncertified code) into the operating system and into other applications that load the affected DLLs. Furthermore, because there is no real distinction between system level code and user level code, the software in DLLs that has been provided by application programmers or the user may now run at system level. This corrupts the integrity of the operating system and other applications. A rather effective demonstration was provided by Bill Gates himself who, during a Comdex presentation of the Windows 98 USB Plug-and-Play features, connected a scanner to a PC and caused it to crash into a Blue Screen. "Moving right along," said Gates, "I guess this is why we're not shipping it yet." Nice try, Mr. Gates, but of course the release versions of Windows '98 and ME were just as unstable, and in Windows 2000 and its successors new problems have been introduced."
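The two complaints above (apps dropping their own DLLs into the system folder, and users running everything as admin) can both be checked on a live box. The script below is an added example, not code from this post or from the quoted author, and it assumes Windows PowerShell 5 or later on Windows 8 or newer (where Get-AuthenticodeSignature also consults catalog signatures). The function names are my own; it lists DLLs in System32 that are unsigned or not signed by Microsoft, shows whether the current session is elevated, and shows whether ordinary users have any write access to the system folder, which is the partition between user, app and OS that the text says Windows lacks.

```powershell
# Added example (not from the original post). Audits the Windows system
# directory for third-party code and checks the user/OS privilege boundary.
# Assumes Windows PowerShell 5+ on Windows 8+ (catalog-aware signature checks).

function Test-IsElevated {
    # True when the current token holds the Administrators role, i.e. the
    # "everything runs as admin" situation the post complains about.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UserWritableEntries {
    # ACL entries that grant write/modify/full control on the system folder to
    # broad groups. On a correctly configured system this returns nothing;
    # any hit means a non-admin app could overwrite OS DLLs.
    param([string]$Path = "$env:SystemRoot\System32")
    $acl = Get-Acl -Path $Path
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match 'Users|Everyone' -and
        ([string]$_.FileSystemRights) -match 'Write|Modify|FullControl'
    }
}

function Get-ForeignSystemDlls {
    # DLLs in the system folder whose Authenticode signature is missing,
    # invalid, or issued to someone other than Microsoft: third-party code
    # sitting in the OS directory. -Limit caps the scan for a quick look.
    param(
        [string]$SystemDir = "$env:SystemRoot\System32",
        [int]$Limit = 0
    )
    $dlls = Get-ChildItem -Path $SystemDir -Filter *.dll -File -ErrorAction SilentlyContinue
    if ($Limit -gt 0) { $dlls = $dlls | Select-Object -First $Limit }
    foreach ($f in $dlls) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        # Only a Valid signature whose subject is Microsoft counts as OS code;
        # everything else is reported.
        $fromMicrosoft = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
        if (-not $fromMicrosoft) {
            [pscustomobject]@{
                Path      = $f.FullName
                Status    = $sig.Status
                Signer    = $signer
                LastWrite = $f.LastWriteTime
            }
        }
    }
}

Write-Host ("Running elevated      : {0}" -f (Test-IsElevated))
$writable = @(Get-UserWritableEntries)
Write-Host ("User-writable ACEs on System32: {0}" -f $writable.Count)
$writable | Format-Table IdentityReference, FileSystemRights -AutoSize

# Most recently written non-Microsoft DLLs first; recent entries are the
# ones an installer most likely just dropped there.
Get-ForeignSystemDlls | Sort-Object LastWrite -Descending |
    Format-Table Path, Status, Signer, LastWrite -AutoSize
```

Run it from an ordinary (non-elevated) prompt first: Test-IsElevated should report False and Get-UserWritableEntries should return nothing, which is exactly the partitioning the post asks for. A non-empty DLL list is not automatically malicious (drivers and vendor runtimes legitimately sign with their own certificates), but every entry is code an installer was allowed to place alongside the OS, and the LastWrite column makes it easy to tie an entry to a recent install.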