So, like it or not, we simply need to engineer the security of the
operating system such that untrusted code running in your desktop
session can do as little harm as possible.
Ok we're pretty far afield here but I don't disagree with anything you're saying here - all that work would help - but it doesn't change my opinion that by far the biggest bang for the buck in terms of security is making sure we get updates as painlessly (well tested etc.) as possible. And hence, that's why we should not have any password prompts for updating.