So what? UAC was not meant to be a penetrative-proof protection for malwares and would never be. Rather, it was designed to reduce the risk of getting infected, not nullify any attempts out there. Anti-malware solutions should fill this hole left by UAC and work in tandem. Of course, despite all that, the biggest hole of all is still the end-user as he/she has limitless control of the system.