Which is completely different. Sure, malware bypasses security software all the time. But security vendors will do everything they can do to fix it. Microsoft has been made aware of the insecure default setting during the beta tests of Windows 7. They decided not to fix it, because according to them it is "by design". Microsoft themselves designed UAC to be insecure on any level but the maximum level. So if you want to use UAC, better put it to maximum.