Both wrong.
The purpose of the UAC is to ease both end-users and developers into doing some things right, which prior to Vista and UAC were predominantly done very, very wrong. MS was catching flak about security because of the users and developers who were doing these things wrong, and was probably somewhat tired of it.

Goals of UAC were:
1: Get people to use a non-privileged user unless they are making system changes.
2: Get developers to program their apps correctly for a multi-user system, so that their users can use a non-privileged account and still do everything they want without issues.
3: Provide relatively non-intrusive permissions escalation so that people will continue to operate as a non-privileged user instead of just turning UAC off.

And, it mostly worked. App developers who were saving the user's documents in Program Files or the root of the C: drive finally had to stop doing that and learn to use the user's profile directory. Developers who were writing code that blindly attempted to open secure locations with write permissions all the time (because the dev was too lazy and just put 'write' permission on every file open statement) had to stop doing that. People who did not turn off UAC now find that after they're done installing all their stuff, they only get UAC notices on occasion when it's relevant. People who have used Unix, Linux or Mac know that the Windows UAC prompt is less intrusive than the prompts on those systems, which require entering their password or even switching to an administrative user entirely.

And now, Windows is more secure because an app can't randomly modify system areas without the user knowing. It's already caught one trojan before it could execute on my machine.
Posted by brian@...
Updated - 10th Dec
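
An added example, not part of the post above: a minimal sketch of the pattern the post says developers had to adopt, where shipped defaults in the install directory are only ever opened for reading and all writes go to the current user's profile. The application name, file names and settings layout are hypothetical, and the `APPDATA` fallback exists only so the sketch runs on non-Windows systems.

```python
import configparser
import os
import tempfile
from pathlib import Path

APP_NAME = "ExampleApp"  # hypothetical application name


def user_config_path(env=os.environ):
    """Per-user settings file inside the profile, never the install directory."""
    # APPDATA is the roaming profile folder on Windows; the fallback is an
    # assumption that keeps the example runnable elsewhere.
    base = env.get("APPDATA") or str(Path.home() / ".config")
    return Path(base) / APP_NAME / "settings.ini"


def load_settings(install_dir, env=os.environ):
    """Read shipped defaults read-only, then layer the user's overrides on top."""
    cfg = configparser.ConfigParser()
    # Read access only: this succeeds for a standard user under Program Files.
    with open(Path(install_dir) / "defaults.ini", "r", encoding="utf-8") as f:
        cfg.read_file(f)
    cfg.read(user_config_path(env), encoding="utf-8")  # a missing file is skipped
    return cfg


def save_setting(section, key, value, env=os.environ):
    """Write only to the caller's profile, so no elevation prompt is triggered."""
    path = user_config_path(env)
    path.parent.mkdir(parents=True, exist_ok=True)
    cfg = configparser.ConfigParser()
    cfg.read(path, encoding="utf-8")
    if not cfg.has_section(section):
        cfg.add_section(section)
    cfg.set(section, key, value)
    with open(path, "w", encoding="utf-8") as f:
        cfg.write(f)
    return path


if __name__ == "__main__":
    # Constructed demo: a temporary tree stands in for the install directory
    # and for two separate user profiles.
    with tempfile.TemporaryDirectory() as root:
        install = Path(root) / "Program Files" / APP_NAME
        install.mkdir(parents=True)
        (install / "defaults.ini").write_text("[ui]\ntheme = light\n", encoding="utf-8")
        alice = {"APPDATA": str(Path(root) / "alice")}
        bob = {"APPDATA": str(Path(root) / "bob")}
        save_setting("ui", "theme", "dark", env=alice)
        print(load_settings(install, alice)["ui"]["theme"])
        print(load_settings(install, bob)["ui"]["theme"])
```

Each user's change stays in that user's profile, and the install directory is left exactly as the installer wrote it.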