Usually, installation of a trojan in Windows will trigger the UAC. It doesn't request a password like in OS X, but it does require user authorization.
Unless, of course, if the loon has disabled UAC because he/she thinks it is inconvenient to be asked for permission before a program is allowed to do something administrative.
Generally, a user who would be at risk of trojans in Windows is also at risk while using OS X.
Taken from the Wikipedia article on UAC, the actions that require permission is:
Running an Application as an Administrator
Changes to system-wide settings or to files in %SystemRoot% or %ProgramFiles%
Installing and uninstalling applications
Installing device drivers
Installing ActiveX controls
Changing settings for Windows Firewall
Changing UAC settings
Configuring Windows Update
Adding or removing user accounts
Changing a user’s account type
Configuring Parental Controls
Running Task Scheduler
Restoring backed-up system files
Viewing or changing another user’s folders and files
Running Disk Defragmenter