Something that I preach a lot about is the notion that the average user, and that includes developers, does not need to log into their machines with admin privileges. Even within Neudesic, where you will find some of the best developers anywhere, I find it to be an uphill battle.

I have been running as non-admin for about 3 years and I can tell you that there is nothing that I'm prevented from doing when necessary. More importantly, I have never been infected by a virus or malware.

eWeek recently did a study of the number of attacks based on how the user was logged into his machine and the numbers, IMHO not surprising, are astounding.

Look at the graph here and then read the full eWeek story.

The bottom line is that running as LUA significantly reduces the possibility of a successful attack.