I know what sudo does. I know about filesystem capabilities. I know about NFSv4 ACLs.
But look at e.g. passwd - it needs to be suid so it can update your password hash. It doesn't just get a token that gives it permission to update your password hash, it gets permission to do whatever the fuck it wants on your system. Then you have a whitelist of what it's supposed to be able to do in SELinux that should hopefully stop it from doing anything besides updating a password hash, but there's nothing to stop it updating the password hash for a user other than the one who ran it, or blowing away the password hashes entirely or something. Without SELinux, a bug in passwd has the potential to totally pwn your system, and with SELinux it a bug could still wreak havoc with the password hash database.
By comparison, on Windows when you want to change your password, the program can get a security token that just gives it permission to change your password. It doesn't need to escalate all the way to root privileges, you don't need a separately maintained whitelist for what this program can do. A bug in a password change utility on Windows can at worst change your password to something stupid.
That's not to say that Windows is perfect, or that applications will always only request the rights they need (plenty of "enterprise" tools grab all the rights they can all the time because it's easier for developers), but fundamentally security tokens are a better model than the *NIX approach of suid and hope it doesn't have an exploitable bug.