I agree with your take - and let me add: Much of the corporate client software written to run on Microsoft platforms REQUIRE the user to run the client as local admin and I think this is where the problem is. Billions of corporate dollars are preventing MS from doing the right thing and forcing software writers to obey the security laws that dictate that the end user NOT be allowed to run as local admin. It is the most annoying problem I deal with at work.
Oh, absolutely. You are dead on with that. Further, how many intranet web applications have you seen that pretty much require you to run IE with a big "my security is almost completely turned off" bullseye pasted on your back? Almost nothing pisses me off more than that. I'm not just talking 3rd party solutions either. Microsoft itself is a major offender here. The worst, though is Siebel. God, what an unholy mess that is! I don't even want to talk about it, it is that bad.