This topic sadly always causes so much confusion.
It's sad because this is a topic that everybody needs to understand.
Everything they do on their PC and all further security measures build on top of this.
Get the basics wrong, and people will be trying to build a tower on sand - it will not last when the storm hits.
There are two main things to understand:
UAC is NOT a security boundary.
A Standard User Account (a limited user account), on the other hand, IS a security boundary.
End users only read the first line and do not understand the second.
It has over the years been extremely difficult to get users to understand this.
To break everything down:
A limited rights user account has always been the primary security that guards the system from the user.
This has been the case on ALL OSs since the dawn of computing.
Unfortunately, Microsoft made a very bad decision many years ago and gave their default user account administrative rights.
This unfortunate decision backfired and produced a flood of sloppy programmers who were never taught discipline and thought it was OK to mess around in the kernel and to write code that accessed system areas at will.
Nobody cared that programming at the time was done wrong, since all users were set up with admin rights.
When Microsoft realized their mistake, they had a tough choice to make.
They could do it the safe but hard way: make the default user account a limited user in their upcoming OS and thereby make everyday computing A LOT safer, but at the same time they would break every program written by those sloppy programmers.
Realizing the support nightmare this would be, they came up with UAC instead.
UAC is a middle road. It virtualizes those system areas that the sloppy programmers accessed but should have stayed clear of, and it gives end users an easy way of shifting between users without having to log out of the limited account and into the admin account and vice versa.
This is, as said, a middle road.
It's safer than the old full-admin account, but not as safe as a limited account (now called Standard Account in Windows).
UAC was meant to hold the hands of all those sloppy programmers until they learned proper programming, and it was a way of making sure that the end user would not be driven mad with logging in and out of accounts constantly during these years.
The end goal is, and has always been, to get Windows end users moved over to the safe limited account.
But it is a slow process.
Now, completely unrelated to all this, in the same years as all this took place we began to see HIPS solutions entering end users' PCs in certain segments.
HIPS produced prompts.
UAC produced prompts.
Both happened when users started a program.
This is where things began to go wrong, regarding the understanding of the underlying mechanisms.
We began to see a lot of posts and blogs from people who didn't understand the difference.
They thought HIPS and UAC were related and came up with all kinds of ridiculous claims due to this misunderstanding.
Some of these misunderstandings are still being posted to this very day.
The differences are:
UAC is the best possible middle ground in protecting system areas from user space, while still preserving compatibility with programs written by sloppy programmers.
And UAC has become a lot tougher over the years, especially if set on max on Windows 10.
The ultimate protection of system areas is using your PC from a limited account in your daily work (now called Standard Account in Windows), while keeping the admin account password protected.
This is IT security 101 - protect system areas and keep the strongest boundary between system area and user space.
This is what any user should do.
HIPS has nothing to do with the above. HIPS will never be able to perform the safeguarding mentioned above.
HIPS is just a supplement to the above, where you can monitor and regulate what executes and interacts from user space.
A limited account (Standard Account) is the foundation of system security.
HIPS is an added supplement. Something you can add if micromanaging user space is your cup of tea.
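
A quick way to check which of the three situations described above a given login is in (Standard Account, admin account behind UAC, or full admin) and how strict UAC is set. This is an added example, not part of the original post. It assumes Windows PowerShell on Windows 10, and it treats "max" as the "Always notify" slider position; the function names are made up for the example.

```powershell
# Added example. Run it from the account you use for daily work, not elevated.
$AdminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-AccountPosture {
    # /nh drops the (localized) header row, so we supply our own column names.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes

    # The SID is listed for any admin account, even when UAC has filtered
    # the token and left the group as deny-only.
    $isAdminAccount = [bool]($groups | Where-Object { $_.Sid -eq $AdminSid })

    # IsInRole is true only when the Administrators group is enabled in the
    # token, i.e. the process is actually running with admin rights.
    $identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal  = New-Object Security.Principal.WindowsPrincipal($identity)
    $sid        = New-Object Security.Principal.SecurityIdentifier($AdminSid)
    $isElevated = $principal.IsInRole($sid)

    if (-not $isAdminAccount) { 'Standard account (the real boundary)' }
    elseif ($isElevated)      { 'Admin account, running with full admin rights' }
    else                      { 'Admin account behind UAC (the middle road)' }
}

function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    [pscustomobject]@{
        # EnableLUA = 0 means UAC is switched off entirely.
        UacEnabled    = $p.EnableLUA -eq 1
        # 1 = credentials, 2 = consent, both on every elevation;
        # 5 is the Windows default (prompt for non-Windows binaries only).
        AlwaysPrompt  = $p.ConsentPromptBehaviorAdmin -in 1, 2
        # Prompt is shown on the isolated secure desktop.
        SecureDesktop = $p.PromptOnSecureDesktop -eq 1
        RawAdminValue = $p.ConsentPromptBehaviorAdmin
    }
}

"Account : $(Get-AccountPosture)"
Get-UacPosture | Format-List
```

The setup the post recommends reports "Standard account" for the daily login. The UAC values only describe how the middle road is configured for admin accounts on the machine.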