I think the myth that UAC was designed as a security boundary needs to be dispelled and hopefully Tom's can do an in-depth article on what UAC is and what it isn't. It's more a compatibility feature than a security feature.
The clearest goal of UAC was to allow Windows users to work using standard user accounts without having to spend large amounts of their day switching to an administrator account to perform tasks. The secondary goal was to get software developers to learn how to accomplish tasks without needing excessive access to the system. Good software should be able to perform most of its tasks without asking for privilege escalation, and in theory, as time went on and software asked for escalation less and less, it was hoped that users would scrutinize the elevation requests more and more. Of course, since most users don't even understand privilege levels in an operating system, much less why they should question allowing it, UAC seems more of an exercise in dialog dismissal and why Vista was more annoying than XP.
The only real function provided by UAC that immediately addresses security is preventing privilege escalation, but it can only guarantee that on its Always Notify setting. Because of this behavior, I only consider there to be 2 UAC settings that make actual sense, Never Notify and Always Notify. The rest are just feel-good exercises that provide no added guarantees of more security than Never Notify. You either care about privilege escalation all of the time, or you don't. An unfortunate realization your readers seem to be missing is, in Windows 8 and newer, UAC is not actually off when set to Never Notify, it's just not going to inform about the privilege escalations taking place.
I find it very unfortunate that the Editor was lambasted by an angry mob that seems a bit ignorant of the feature they were beating him up verbally over.
Processes don't even need to escalate privilege levels in most cases to compromise user data, so if anyone is looking at UAC for purposes of protecting user data from malicious software, it's pretty useless. Standard users can always access their own data.
As an educational tool I think UAC missed the point. People aren't becoming any more aware of good security practices as a result of nagging, and many are still running default UAC settings on an admin account. Perhaps it's users that have instead missed the point of UAC? Microsoft hasn't even followed the rules for good software policy with their own products, performing the equivalent of white-listing their software rather than rewriting it as 3rd party vendors are required to do.
The virtualization aspect of UAC allows applications developed with the assumption of running with administrative access to function correctly using a limited-privilege account. The reason is not for security, it's for backward compatibility with software written before design rule changes took place. Software written after the introduction of UAC shouldn't be relying on UAC's virtualization to function correctly.
Once users run as non-privileged, the need for UAC pretty much evaporates unless they're running old or poorly written software. Once users run as privileged, if they use any setting other than Always Notify, UAC isn't guaranteed to even do the job it's supposed to do.
This is the reason I run UAC set to Never Notify: being notified of some, but not all privilege escalations doesn't serve a valuable security purpose and I'm not interested in the number of dialogs I would be subject to with UAC set to its highest level. By the time I run a process, I have already scrutinized it as much as I'm ever going to. An extra prompt isn't likely to ever change my decision, especially if it doesn't give me any new information that was missing from my earlier decision-making process. I also don't need UAC for the purposes of making non-compliant software compatible with newer versions of Windows and its integrity levels don't protect against read access while being exploitable for write access.
Microsoft's own words:
Because of the wide range of application design and implementation, the integrity mechanism cannot provide a complete isolation barrier. The Windows integrity mechanism is not intended as an application sandbox.
Folks so hyper concerned should be running UAC set to Always Notify, or better yet just run as a standard user.
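
The slider positions discussed in the comment above are stored as registry values under the `Policies\System` key. As an added example (not part of the original comment), this PowerShell reads those values and reports which slider position a machine is actually on, and whether the current session is elevated. The function name `Get-UacSliderLevel` is hypothetical, and the mapping assumes Windows 8 or later with the three values present.

```powershell
# Added example: report the effective UAC slider position on the local machine.
# Assumes Windows 8+ and that the three policy values exist (a missing value casts to 0).
$path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {
    param(
        [int]$EnableLUA,
        [int]$ConsentPromptBehaviorAdmin,
        [int]$PromptOnSecureDesktop
    )
    # EnableLUA=0 is the only state in which UAC itself is off.
    if ($EnableLUA -eq 0) {
        return 'UAC disabled (EnableLUA=0): Admin Approval Mode off'
    }
    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '2/1'   { return 'Always Notify' }
        '5/1'   { return 'Default (consent prompt for non-Windows binaries)' }
        '5/0'   { return 'Default without secure desktop' }
        '0/0'   { return 'Never Notify (elevate without prompting, UAC still enabled)' }
        default { return "Custom policy ($ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop)" }
    }
}

$p = Get-ItemProperty -Path $path

# Is this session running with the Administrators group enabled in its token?
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    SliderLevel                = Get-UacSliderLevel -EnableLUA $p.EnableLUA `
                                     -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
                                     -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    EnableLUA                  = $p.EnableLUA
    ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
    ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser
    PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    SessionElevated            = $elevated
}
```

Reading these values does not require elevation, so the same script can be run from a standard user session or pushed through a fleet inventory tool.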