The trouble, according to Rivera and Long, is that attackers can use one of several pre-approved applications to fool Windows 7 into giving a malicious payload full administrative rights, something it would not have if the user was following Microsoft's advice and running the operating system in standard user mode

The link is here (http://www.computerworld.com/action/article.do?command=printArticleBasic&taxonomyName=Security&articleId=9127392&taxonomyId=17)