Windows XP turns 20: Microsoft’s rise and fall points to one thing — don’t fix what isn’t broken

I think SUA is not in itself that great alone, but it simply do harden other basic security/reliability tools.
Malware may encrypt user files, but will fail to broke all OS, and it's recovery mechanisms, and 3rd party backup software, and it's backup images that are not reachable by malware (if you set them that way).
Malware will not be able to infect files in Program Files directory. This is probably easiest to circumvent by injecting at later point, but I believe it can be detected by some AV software, if you use one.
Firewalls may prevent malware from leaking data from your documents. There are a lot less ways to circumvent firewall by malware run on SUA.
Windows also have password/key/certificate protection mechanisms, that programs such as KeePass can use. Running malware on SUA makes sure typed master password for KeePass will not be intercepted and malware won't decrypt KeePass the most sensitive process memory.

 

I wasn't talking about browser exploits, I was talking about using Windows exploits to escape the browser.

And I already agreed on the fact that malware can do damage with limited rights, I never said SUA is all you need.