Security vs usability...
...Are not supposed to be opposite concepts. Yet as far as this debate goes, they seem to be. Few comments:
1) A computer is never connected to external media or the Internet (a gaming computer I used basically fulfilled this function - ok, it used a CD drive to install the games, but that's yer lot.) Yet Windows will mark it as "insecure" if it doesn't have security software installed. That immediately suggests to me that what UAC says is "secure" or "insecure", and what actually is the case, don't always match up.
2) The choice of programs my current (Vista) box marks as "insecure" seems to be practically random - for example I use some poker clients, some of which need UAC every time they're used (why do they need this and why can't I turn it off for those programs only?) and some don't. Whether or not this is fixed in Windows 7, I don't know, but I feel safe in calling it a bug, not a feature.
3) I agree with everyone who's said that nagware does not provide security, although it seems such an obvious point that it's almost unworthy of comment. (Of course, MS seem to have missed it with their last OS.)
4) The default user account shouldn't be an administrator one. Whether or not this is fixed in Windows 7 I don't know, but it wasn't in Vista.
5) To most users a computer is a tool. This simple fact seems to get two extreme and opposite reactions - one from people who insist that computer users be technically-minded to a ridiculous degree, the other from people who insist that no technical knowledge about how a computer works should be required to simply operate one. I'd advocate a middle ground - seriously, it's not that hard to understand the concept of an administrator account versus a basic user account, provided that what you can do in those accounts is made clear. Unfortunately that's rarely the case.
(For example, how is it that when I install a program on Windows Vista, regardless of the user account I'm using at the time, it doesn't ask me which user accounts I want to have access to the program? The "default" option of "this account only" would be enough for most users but people who want a more customized computer could choose a different one. From a usability point of view it's not hard, so what's the technical barrier to this happening?)
I'm interested by the point made by one commentator that most users are "happy with" UAC. I count myself as reasonably tech-savvy but not expert, and to my fairly uneducated eyes it simply doesn't do what it's supposed to do. It nags me about programs that it shouldn't (and doesn't give me the option to stop it from doing so), fails to give explicit details about what the programs in question are requesting, and on a few occasions has failed to pick up things that I thought it should have picked up easily. I imagine other users have encountered the same issues. The only people I can imagine being "happy" with it are the ones who've turned it off, in which case their computers are inherently less secure; and while this is unlikely to affect any of them directly, I doubt the ones who've been infected or hacked would be too happy about the situation either.