And Apple's OS X, based on BSD Unix with a designed-in, not bolted-on-afterward, approach to security, will continue to have the smaller, stronger, and better defended attack surface for the foreseeable future. Windows has gotten much better over the years, and it's largely on a par with OS X with regard to most aspects of user security. But its internal complexity works against the goal of a simple, strong structure with inherently minimal attackable characteristics. That's just a fact.The Windows security model, which originated in Windows NT, was designed in from the start. Windows users are, unfortunately, used to running as an Administrator (*nix equivalent of root). UAC is essentially the same thing as the sudo feature on Linux and Mac. It's not some "bolt on".
Well, you're right about Windows users being used to running as an Administrator. But for the rest of what you said, I don't quite agree.
Windows NT, as originally designed by Dave Cutler with VAX/VMS as its model, had a very good, if overly complex, security model. It was, however, compromised severely as Microsoft turned it inside out to make it more like Windows 95. Stability was compromised by designing it to run drivers in kernel space (that's where most BSODs are from), and security was compromised by not enforcing simplicity when adding features. Convenience was held higher than security for a critical decade, until it became clear that XP was unsustainable and they brought out SP2 and broke a bunch of stuff because they had to. Then Vista UAC was added to the user interface, shifting responsibility to the user instead of making the system more intrinsically robust.
UAC is not "essentially the same thing as sudo". Sudo is not a privilege elevation of a process per se, it's you becoming root. The closest Windows comes to sudo is "Run-As Administrator", except that Run-As Administrator isn't really that, it's more like "run as something kinda like Administrator, except that you're really not Administrator, and the program you're running can tell, and it won't run exactly like it would if you were really Administrator." Believe me, there are plenty of things you have to do logged in as the Administrator that you cannot do with Run-As Administrator. Sudo on Unix/Linux/OS-X actually makes you root -- your effective user ID (euid) actually changes to 0 (root). That is not true in Windows; you do not become the Administrator. And anyway, that's not UAC.
UAC is selective process privilege elevation, the same "Mother-May-I" user prompt which in OS-X is the prompt for an administrator username and password. In both cases it makes the user responsible for making a decision they may not be qualified to make. But there's no other way to limit privilege elevations.
Beyond all that, the actual point of my original comment was that the more secure a system is inherently, the less you have to worry about all this Mother-May-I crap. Unix has a relatively simple internal structure and is inherently more secure than Windows, which is incredibly complicated*. The original NT would have served much better if they hadn't weakened it, and then had to bolt on things like UAC after the fact -- UAC appeared first in Vista, 15 years after NT was designed.
* There is a famous quote from one of the senior members of the Vista team, when a flock of them quit when Vista was released, admitting that "There is no one at Microsoft who actually understands what all is inside Windows and how it all works". That's one hell of an admission, when you consider that there are literally scores of people who understand quite thoroughly how Unix and Linux work.