But perhaps creating two accounts, one in wheel and the other not, and doing work other than software installation as the user not in wheel would make it harder to social-engineer users into elevating.
I've read TFA twice now and I still can't figure out if that's what the authors are trying to suggest, or something else entirely.
The entire point of UAC/sudo is to allow users to run in a standard context for day-to-day activities, and to quickly elevate certain applications/actions when it's required. Unless something has gone terribly wrong here, applications running un-elevated under an admin-capable UAC account have no more rights than an application running on a non-admin-capable account in the first place. Until elevation takes place, it's for all practical purposes a non-admin account.
So what is TFA trying to suggest, and what is their metric? Are they saying UAC is broken and applications are trivially executing privilege escalation attacks? (And if so, how are standard accounts not affected?) Or are they just saying that since users can escalate applications, the OS automatically counts as vulnerable to the attack? In other words, is the argument that we should be doing away with UAC/sudo?