The one side is arguing based on the material in the book. Several questions are expecting a textbook answer and UAC is explicity referred to in a paragraph above the security related issues and not under the security related heading.
This is the way I see it:
UAC is based on controlling access to ressources based on which privileges a user has at the time of executing a program. with UAC on, that would be the least priviliges required to run an applicaiton. Priviliges mean effectively permissions on files, settings and folders.
When we talk about security we usually differentiate between physical security, securing access to the data and securing the information itself.
- We put our servers into locked rooms to secure the physical aspect
- We put firewalls and passwords in place to secure access to the data
- We put encryption in place to secure the information itself contained in the data.
Thus when anybody asks me if UAC could be a possible cause for security related installation or execution problems I'd go for "yeah, sure it is. look there first!"
Be sure to mention to your students that the paragraph in Module 3-1 headed "Security-Related Problems" should reall be labelled "Other Security-Related Problems" to avoid this discussion :-)