It seems that when it comes to MS bashing, some people's brains simple stop functioning.
What does running as local admin have to do with spywares?
Spywares do not need to be run as admin (root, wheel, whatever) to do damages. Is your e-mail messages, browser settings, and login scripts saved under different user account? I think not.
If your browser is vulnerable to spyware, you will get infected regardless of whether it is running as admin or not. It just simply installs itself in the user directory and modifies the login script to run every time you log in.