Least Privilege
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] http://www.threatcode.com/ has some excellent resources. She referred me to Aaron Margosis' WebLog which explains the concept of Least Privilege much better than I:

From http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157866.aspx Not running as admin... The security principle of "least privilege" is well understood: Software should run with the smallest set of privileges needed to perform its tasks. Low-privileged processes can do a lot less damage when they are compromised (or just buggy) than processes running at high privilege levels. Windows has made great strides to run services with lower privilege than in the past. However, Windows users who are allowed to administer their own machines (including most Microsoft employees) usually run with Administrator privileges all the time. That is, the account with which they normally log on is a member of the local Administrators group (or worse, Domain Administrators). Everything they do, from reading email, browsing the internet, instant messaging, writing documents, and writing software, is performed with full (and unnecessary) administrative control over the entire computer. Email, web browsing, and instant messaging do not require administrative privileges, and are common avenues for malicious code to attack end users' systems. To be more secure, users should log on with a Limited (or "Least-privileged") User account (LUA), and use elevated privileges only for specific tasks that require them. Linux/Unix users have understood this for a long time, so this remains an area where Microsoft is perceived to lag in thought leadership. Unfortunately, Windows does not yet make running as non-admin as straightforward as it needs to be. Hopefully Longhorn will address these shortcomings. In the meantime, though, there are some neat workarounds that greatly mitigate the inconveniences.