Vista's UAC Warnings Can't Be Trusted, Symantec Says

Reading on, it says you can manipulate the color of the warning to the point that it looks like Windows itself created the warning. This sounds evil. But reading on:

<SNIP> “The most likely scenario is that a user gets compromised by malicious code, from a Trojan [horse] or a vulnerability in a third-party application like Office or a browser,” </SNIP>

So where is the point now? If I am compromised, what is the problem with running any code? Sounds like a chicken-and-egg problem to me. To compromise the OS I have to compromise the OS, and for that I have to compromise the OS, and for that, I have… (hmm, didn’t I just say that?)

The major point here is user awareness… Isn’t that always the point? If a user is gullible, he has a problem. Oh wait, this is real life… Can I have your credit card info? And if I say pretty please?