Its interesting that a patch on privelege seperation escalation, while be ranked serious, would have so little effect on most users because most computer illiterate users do not know how to use them, the OS contains what is a major problem in that it does not encourage these users to use the feature.
Most of your common windows users do not use any kind of privilege seperation, they go right in as a superuser account, because, they don't even know what any of this stuff is. Windows ironically seems designed in such a way that it assumes that every user is a very literate on how to properly setup and use an operating system. To get the situation with viruses under control would require having a model whereby the system comes default in a secure, recommended state but also allows expert users to override that if necessary. Most common users will not do this, they can barely understand anything in the control panel anyway. The resulting situation would not be perfect but better than now but also would not prohibit customization by experts.
This initial state would put the user in a non-priveleged account by default and would not offer a login choice for an administrator account. It would also include a prohibition on executing any user downloaded programs in the users directories, only programs which are root writeable only in the main system directory would be executable, this makes it much harder to download and execute viruses. Programs could only be installed via an app store, or via a physical distribution that has been registered, approved and cryptographically signed by OS vendor. Program installers would be given the minimum permissions they need to install themselves and would install into an file system overlay environment, allowing any effects of the installer to be easily tracked and reversed, they would not have direct access to a large number of system files which they have no need to touch, and would be restricted to their own subfolder in the registry.
I find it ironic that Mandatory access control, which is more badly needed on newbie computers to stop these users from downloading EXEs to their home folder and executing them, is unavailable in Home Premium, where the feature is most badly needed.
The restrictions could be disabled from the control panel if needed but the idea is that most users use the default configuration that they are given so this would be a vast improvement over how things work now. The proliferation of viruses would be drastically reduced from all of this.
These ideas are good ones for any operating system which are for illiterate computer users.