Well, we certainly can live with it just fine and have done so since the days of Win2000. At the end of the day, security is a trade-off and we have accepted that the relatively minor inconvenience of "standard users" (and for our case it is indeed minor) is less than the inconvenience of a malware attack. It is a balance which everyone has to make.
The same is true for work environments. Where I work security is a very high priority (for reasons you are free to speculate about) and therefore a very restrictive regime operates. There is an approved list of applications (about 200 I think) almost all of which are distributed via App-V. Some can be installed by anyone, whilst for more restricted ones you have to apply and get added to the necessary AD group. In all cases, no admin access by users is required. There is no possibility of adding your own applications as all areas writeable by users have the Windows equivalent of "noexec". If you try to install and run an executable then it simply won't start and logging software will register the attempt and dispatch a warning to your manager.
I have to say however that for most people this regime is not a serious hindrance. The common applications, Office, Chrome, Acrobat Reader etc are all installed by default and update automatically in the background so most users never have a problem. Power users who need admin access for specialist none-approved applications can use their browser to access a VMWare cloud environment and spin up VMs (Windows and Linux) where they can do whatever they want (albeit behind a very restrictive firewall). It all basically works fine and no-one ever experiences a problem with their clock not being set correctly! Mind you, I suspect that our IT budget is significantly higher per seat than yours. Yer pays yer money and yer takes yer choice!