Why UAC isn’t a security boundary, and how auto-elevation works on Windows 7
Mark Russinovich (of SysInternals fame and now employed as a Technical Fellow at Microsoft) has published an interesting article about User Account Control (UAC) in the July issue of TechNet Magazine.
He discusses the goal of UAC, why it could be circumvented by malware, and how auto-elevation on Windows 7 avoids elevation prompts from system tasks.
http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx