On the subject of Windows security, Steve Gibson has never been bashful in pointing to the raw sockets being available in previous versions of Windows. I have never heard a reasonable rebuttal to his argument that raw sockets were never a necessity and always a source of computer compromise. It has been a while since I caught up with the newest from GRC.com, but I have used his socket utility, UPNP, and Shoot the Messenger on every Windows I have installed or repaired since.
It seems to me the best source for improving security is with the ISPs. (there was a thread on a similar subject at Seven Forums, that I didn't follow) Millions of compromised computers world wide are currently spewing malicious content, filling the web with trash. An ISP can make securing one's computer part of the EULA, sort of like driving a safe auto. An ISP can easily see what computers on their network are spewing trash, they probably do now. I know a local State University that will shut off the network jack if it is seeing above normal traffic. When the computer has been cleaned, the network access is restored. One USA ISP is purposefully limiting traffic to torrent sites because of the increased use of bandwidth. If the ISPs would take responsibility for the users in their network there wouldn't be any "botnets". That threat would be severely curtailed. It would also be easier to pull the plug on offending ISPs that fail to act to keep their networks from being used by "botnets".
The nature of assigning domains today allows for anonymous owners of a domain. Botmasters only need the domain for a few hours because they can line up hundreds and move from one to the next faster than Microsoft can track and shut them down. Even legit domain registrars can be used this way, so how do you prove they are culpable and shut them down? Again, if you take out the compromised computers you take down the botnet.
In the end, requiring an ISP to accept responsibility for its user's security as part of it's contract with ICANN or it's service provider seems to be the only way to spread the responsibility around evenly everywhere.
I would say UAC should be customizable. In the sense it should remember the selection and act accordingly. MSE cloud version is good !! MSE little more advance like brower intergration etc.
Hot switchable Admin/Normal user modes, so you don't have to log out and log back in ever time you want to install something.
I think a bit more control in UAC would be nice. I'm sure they've all been mentioned, but adding an ability to specify what a program is allowed to do that way I don't have to click ok every time I open CCleaner or Revo. I'd also like to be able to tell the computer that certain programs should require an admin password to open even if they're not affected normally by UAC.