
XP is antiquated in terms of its technology, in particular its security model. Vista, while not a hit with consumers, was a major step forward in security for Microsoft.

There is a certain irony in making an argument based on the security model in recent versions of Windows while we're in the middle of a thread discussing web browsers. Both Chrome and Firefox go out of their way to circumvent that security model, despite providing arguably the most obvious attack vector on many modern computers.

And frankly, the modern Windows security model isn't that great anyway. We can solve a privileged execution problem by nuking the machine and reinstalling from back-ups. It's a hassle, but it's a controllable risk. This is the sort of thing that the UAC measures help to prevent.

But if you don't have back-ups of your personal files, you're toast if they get deleted by malware. And since you probably have write access to those files even if you're logged in as a low-privilege user, and Windows doesn't separate which applications can access what data to that extent, the likes of UAC won't help you here. Sure, everyone should keep back-ups, but we all know that many people don't.

And the really bad stuff these days isn't destructive anyway, it's about data harvesting. If someone gets in and starts uploading sensitive data, or perhaps sending out phishing e-mails to people who trust the compromised machine's owner and think that's where the messages are coming from, UAC isn't much good there either. You need firewall and antivirus tools for this sort of threat, and we had those with XP, and if you're doing it seriously you don't run them on the same computer you're trying to protect anyway.

If you can upgrade from XP, you should.

Sorry, but I don't think you're anywhere near making a case for that yet.




Most malware does not seek to just nuke user files; it seeks to set up a permanent hidden presence in the machine. Windows 7 makes this much harder to accomplish with technologies like ASLR.

Security depends on layers. Chrome is more secure than IE, but you can run Chrome on Windows 7 too. If Chrome--or one of its plugins--is compromised (it is not perfect software after all), then the security features of Windows 7 will give you better protection than XP.

Maybe you don't believe me, because I'm just some guy on the Internet. That's fair. But I would challenge you to find a computer security professional who thinks XP is as secure as Windows 7.


Most malware does not seek to just nuke user files; it seeks to set up a permanent hidden presence in the machine.

I don't know whether "most" is true, but sure, a lot of malware does that. But that's not why it's dangerous. If you manage to install something that changes my wallpaper to a cute cat picture every few days, it's probably going to be mildly irritating after a while, but I'm not going to lose any sleep over it.

Chrome is more secure than IE

Again, I feel the need to point out the irony of your example: Chrome actively circumvents the more recent Windows access control mechanisms by not installing itself properly so that it can do the silent auto-updates without any further UAC-style prompting.

But I would challenge you to find a computer security professional who thinks XP is as secure as Windows 7.

Well, now you're moving the goalposts. But as a guy who spent this afternoon working on security code that's going to be run by the likes of banks and government institutions, I prefer to make my judgements based on evidence rather than hearsay, and so do they. Incidentally, many of those clients are still running Windows 2000 and IE6, obviously along with many other security measures, and installing Chrome in some of those places would probably get you formally disciplined.



