"UAC does not, nor is it intended to, stop malware."What UAC does do is enable running a computer with Windows Vista installed as a standard user. The result of this is important. By following the recommendation to keep UAC running, the computer is significantly less vulnerable since currently most malware requires administrator privileges.
Does running as a standard user protect against the computer operator allowing installations? Absolutely not. However, it is certainly hoped that the average computer user will recognize the difference between an unexpected request for elevated privilege and a request when intentionally installing software.
For in depth look at User Account Control for Windows Vista, tune in to the Channel 9 interview of Jon Schwartz, UAC Architect, and Chris Corio, UAC Technical Program Manager, where they tackle UAC from various angles:
1) What problems does UAC attempt to solve?UAC - What. How. Why.
2) How does UAC actually work?
3) Why did we implement UAC UI to be so aggressive, from a user experience point of view?
4) How will UAC evolve?