Free Republic

To: Scutter
> The Windows security model, which originated in Windows NT, was designed in from the start. Windows users are, unfortunately, used to running as an Administrator (*nix equivalent of root). UAC is essentially the same thing as the sudo feature on Linux and Mac. It's not some "bolt on".

Well, you're right about Windows users being used to running as an Administrator. But for the rest of what you said, I don't quite agree.

Windows NT, as originally designed by Dave Cutler with VAX/VMS as its model, had a very good, if overly complex, security model. It was, however, compromised severely as Microsoft turned it inside out to make it more like Windows 95. Stability was compromised by designing it to run drivers in kernel space (that's where most BSODs are from), and security was compromised by not enforcing simplicity when adding features. Convenience was held higher than security for a critical decade, until it became clear that XP was unsustainable and they brought out SP2 and broke a bunch of stuff because they had to. Then Vista UAC was added to the user interface, shifting responsibility to the user instead of making the system more intrinsically robust.

UAC is not "essentially the same thing as sudo". Sudo is not a privilege elevation of a process per se, it's you becoming root. The closest Windows comes to sudo is "Run-As Administrator", except that Run-As Administrator isn't really that, it's more like "run as something kinda like Administrator, except that you're really not Administrator, and the program you're running can tell, and it won't run exactly like it would if you were really Administrator." Believe me, there are plenty of things you have to do logged in as the Administrator that you cannot do with Run-As Administrator. Sudo on Unix/Linux/OS-X actually makes you root -- your effective user ID (euid) actually changes to 0 (root). That is not true in Windows; you do not become the Administrator. And anyway, that's not UAC.

UAC is selective process privilege elevation, the same "Mother-May-I" user prompt which in OS-X is the prompt for an administrator username and password. In both cases it makes the user responsible for making a decision they may not be qualified to make. But there's no other way to limit privilege elevations.

Beyond all that, the actual point of my original comment was that the more secure a system is inherently, the less you have to worry about all this Mother-May-I crap. Unix has a relatively simple internal structure and is inherently more secure than Windows, which is incredibly complicated*. The original NT would have served much better if they hadn't weakened it, and then had to bolt on things like UAC after the fact -- UAC appeared first in Vista, 15 years after NT was designed.

* There is a famous quote from one of the senior members of the Vista team, when a flock of them quit when Vista was released, admitting that "There is no one at Microsoft who actually understands what all is inside Windows and how it all works". That's one hell of an admission, when you consider that there are literally scores of people who understand quite thoroughly how Unix and Linux work.

52 posted on 04/13/2015 9:46:06 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)


To: dayglored

Please, spare me the lectures about how Windows works.

I agree with some of what you say, but I also take exception to some of it. It sounds like your understanding of Windows is about 10-12 years out of date. I’ll give you some examples.

Let’s take your first point, about drivers running in kernel mode. Linux, OS-X, and Windows all have aspects of the system code that might be considered to fall into the category of “driver” and that is running in kernel mode. It’s pretty much a necessity for performance.

Things that don’t need to run in kernel mode, generally don’t do so. A good example of that is the user-mode driver framework supported in all recent versions of Windows. Most drivers that can run that way do so (for example, USB device drivers, printer drivers, etc.).

Regarding UAC, I understand that UAC is not exactly the same as sudo, but it’s effectively equivalent for the point I was making. The user is running with reduced privileges, but can temporarily get a privilege boost to perform some action. And BTW, “Run as Administrator” is pretty much the same thing as what happens with UAC - the process token has the same user account associated with it, but the token temporarily gains Administrator permissions. The only difference is that when people say “UAC” they are generally referring to the OS popping up that box asking for permission before elevating privileges. The benefit of this model over sudo is that you retain the user identity, so any auditing that is done will show which user made the change.

Personally, at times I find the Windows security model over-complicated, although I do like aspects of it better than *nix (for example, I find the simplistic file permission model in *nix limiting at times).

I completely disagree that the security model in Windows now is a weakened version of what was in NT. That’s just not true at all.

And in any event, the security issues the hackers exploit really have little to do with the underlying security model. With few exceptions, the problems generally fall into one of two categories: 1) Users doing stupid stuff and giving malicious code permission to run amok through the system, or 2) Some bug in the OS code (or browser code, or browser plug-in code) allowing an exploit. The article in this thread is an example of category #2.

Finally, your comment about Linux versus Vista complexity is just flat-out wrong. No one understands every aspect of Linux, nor OS-X. These systems are all too large for one person to understand it all from end to end. Even Linus Torvalds doesn’t understand every module that’s part of a modern Linux distro.

That said, I agree that there are things in Windows that are poorly designed or unnecessarily complicated, and that are better in Linux. My favorite example of that is the Windows driver model, which is an absolute nightmare compared to the elegant “everything’s a file” model of Linux (not sure what the OS-X driver model is; is it even available outside of Apple?).


55 posted on 04/15/2015 12:15:05 AM PDT by Scutter
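The two posts above disagree about what a UAC-elevated token actually is. The following PowerShell snippet is an added example, not code from either poster; it inspects the current process token so you can compare a normal window against one started with "Run as administrator" (it assumes a Windows host with whoami.exe on the path and an account that is a member of the local Administrators group).

```powershell
# Added example: report what UAC changes (and does not change) in the process token.
# Run once in a normal PowerShell window, once in an elevated one, and compare.

function Get-TokenReport {
    $id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($id)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    # whoami exposes per-group attributes that the .NET Groups collection hides,
    # in particular the "Group used for deny only" flag on a UAC-filtered token.
    $groups      = whoami /groups /fo csv | ConvertFrom-Csv
    $adminsGroup = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }   # BUILTIN\Administrators
    $label       = $groups | Where-Object { $_.Type -eq 'Label' }          # integrity level row

    [PSCustomObject]@{
        UserName       = $id.Name
        UserSid        = $id.User.Value              # same SID in both windows: identity is kept
        IsElevated     = $principal.IsInRole($adminRole)
        AdminsGroup    = if ($adminsGroup) { $adminsGroup.Attributes } else { 'not a member' }
        IntegrityLevel = if ($label) { $label.'Group Name' } else { 'unknown' }
    }
}

Get-TokenReport | Format-List
```

In the non-elevated window the Administrators entry reads "Group used for deny only" and the label is Medium; in the elevated window the group is enabled and the label is High, while UserSid is unchanged, which is the audit-trail point made above and also why the elevated process is still not the built-in Administrator account.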
