The problem of "letting a non-admin user installing software" versus "not
allowing malware to take over the entire system" is still unsolved.
To worsen things, these days the main objectives of malware are "(2)
recover this user bank passwords, CC numbers, and SS-equiv number"
and "(1) send the greatest possible amount of spam" because that is what
the market want from malware. IOW, once the user is fooled to execute
_any_ malware (even non-rootkitting malware) the damage is done.