A few more things.
1) My main use of a firewall was/is always to ensure that no unwanted connections go out. The inbound connections are filtered either from my router (connect on unknown port? deny) or from my work's network (same thing), but I do want to know if the game I've just started tries to communicate with an internet address, while it is supposed to be offline only. Sure, I can check that through a number of ways, including the always useful net stat -a but that doesn't mean I can stop the connection just because I know it's there, unless I modify the hosts file.
2) Resources used by UAC are nothing compared to one realtime antivirus, one firewall/sniffer and a malware, especially if due to work you have a lot of network traffic. So, if you try to open the data send by the nth colleague this day results in a UAC prompt, you know that it isn't what it's supposed to be. And a format command is neither malware, nor a virus, but you will be smashing your head if one goes through. Hell, most of the built-in commands of the prompt can cause damage, that no security software can stop.
3) I never said "If you have UAC, you don't need anything else". I want the UAC on for the non-virus threats, like those mentioned before. There are a few programs (like
CoreTemp for example) that require elevated privileges, but that is mostly due to interaction with hardware. Again, I'd rather know when such a program is started than have it executed without my knowledge.
4) A few years ago, Blizzard started selling a little gadget called "Blizzard Authenticator", which at that time was sold for about 6 euros. What that gadget did was add a second security layer to be able to login to your WoW account. At that time, the 6 euros did not cover the manufacturing costs of the authenticator, but Blizzard still sold it because 90% of account compromises were due to the human factor. No matter what your security software may be, if you are not careful, you will be screwed. Having a little light (or a prompt, since UAC is a prompt) pop up whenever you do something with higher privileges is common sense, because what happens if you forget yourself when doing something like this?
5) I think I've read somewhere that after a certain patch or update, Vista's UAC was toned down, to Win7 levels. I may remember this wrong, and it is quite possible that Vista will retain the annoying UAC, but even then, there are workarounds to only have it appear on certain events, and not always. Mostly it's through the use of Local Group Policy Editor, but it's not an easy fix.
6) Who exactly told you that linux hardly ever gets hacked? Linux at a time had a hole that enabled someone to execute any code he wanted, with sudo privileges, just by opening a sound file. So far, I still haven't seen such a hole in Windows, though I'm sure it is possible. You forget the fact that access to the source code allows you to abuse said source code, though not always easily. The reason linux needs so much security is to make it harder to hack/crash, and the reason you know it as hard to hack/crash is because of the security.
So, the tl;dr version
UAC is an added security dialog, that you learn to ignore/bypass, but the one time it will pop-up without you asking for it you will thank it. It will not save your ass if you do not have additional security software, but it covers different cases. Not all disasters are viruses/malware, some very legit commands can cause a hell of trouble "del /F /Q /S %windir%" is a command that all antiviruses and firewalls will allow, but UAC will stop. Would you run that command on your pc?
