I was recently told that if your UAC level is anything less than the maximum (always notify) then malicious programs can programatically lower your UAC settings, thereby rendering UAC useless.
Now, I remember this being an issue in the Windows 7 beta, but that is was fixed in the RC:
With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation. (source)
So, which one of us is outdated? Is it me that haven't caught the new rootkits available or is it the other guy that didn't pay attention to things being fixed in the RC?
Is there a working way to lower UAC levels without the UAC prompt?
On a standard Windows 7 system, the answer is no with a couple of buts.
The UAC control panel is a High Integrity Process and MS has said in the blog post you cite that the UAC interface will always require elevation, but...