
It looks like Windows 8.1 is whitelisting PuTTY by hash or signature: nothing to see here.

Repro steps (Windows 8.1, desktop IE 11 or Chrome 33):

1. Download putty.exe from any shady source

2. PuTTY runs without prompting

3. Go to mega.co.nz (an extremely shady source), upload your copy of putty.exe

4. Download it again

5. This version of putty.exe also runs without prompting

6. Open your hex editor of choice, change a byte in a text string

7. Upload this tampered version of putty.exe to mega.co.nz

8. Download and run it

9. observe full-screen modal red banner: "Windows Protected Your Computer" requesting an Administrator password to run suspicious binaries.

If almost all binaries are treated by Windows as suspicious (in general: if there's a whitelist), then a request for an administrator password will be unconsciously and automatically given.


I think a giant red banner to an experienced user (someone installing SSH on Windows) will give pause to any user who needs to care about this sort of thing.


Alternative explanation: there's no central whitelist; Windows just checks to make sure that the internal checksums all match up?

(I don't know which is true, but if we're speculating, I imagine the latter would be more realistic than a huge checksum database bundled with the OS. Though maybe it's a small checksum database that only includes the personal favourite tools of the Windows developers? :P )


I don't know how exhaustive the database is, but it looks like it just phones home to MS: http://news.softpedia.com/news/Windows-8-Secrets-the-Built-i... (second screenshot). Might do the same "bloom filter plus server check for false positives" that browser malware filters use.

Checking with a valid but extremely uncommon downloaded binary shows the same red banner (as well as a Chrome warning).
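An added, illustrative model of the "bloom filter plus server check" lookup speculated about in the comment above, written for this thread and not Windows' actual SmartScreen implementation: a downloaded file's SHA-256 is tested against a local Bloom filter, and only Bloom hits go on to the authoritative list, so an identical re-download stays "known" while a one-byte change in a text string drops to "unknown". The sample binaries, the class names and the filter parameters are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for downloaded executables: not real PuTTY bytes, just a PE-like blob.
KNOWN_GOOD_PUTTY = b"MZ\x90\x00" + b"\x00" * 28 + b"PuTTY: a free SSH and Telnet client" + b"\x00" * 16
UNRELATED_BINARY = b"MZ\x90\x00" + b"\x00" * 28 + b"some rarely downloaded tool" + b"\x00" * 16

def tamper_text_string(blob: bytes, needle: bytes, replacement: bytes) -> bytes:
    """Overwrite a text string in place (same length), as step 6 of the repro does."""
    assert len(needle) == len(replacement)
    idx = blob.index(needle)
    return blob[:idx] + replacement + blob[idx + len(needle):]

class BloomFilter:
    """Fixed-size bit array; the k probe positions are derived from the digest itself."""
    def __init__(self, m_bits: int = 4096, k: int = 4):
        self.m, self.k, self.bits = m_bits, k, 0

    def _positions(self, digest: bytes):
        # Double hashing: h1 + i*h2 over the two halves of the 256-bit digest.
        h1 = int.from_bytes(digest[:16], "big")
        h2 = int.from_bytes(digest[16:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, digest: bytes) -> None:
        for p in self._positions(digest):
            self.bits |= 1 << p

    def might_contain(self, digest: bytes) -> bool:
        return all(self.bits >> p & 1 for p in self._positions(digest))

@dataclass
class ReputationCheck:
    """Local Bloom pre-filter, then an authoritative lookup only on Bloom hits."""
    known_good: set = field(default_factory=set)   # stands in for the server-side list
    bloom: BloomFilter = field(default_factory=BloomFilter)
    server_lookups: int = 0                         # round trips a real client would make

    def publish(self, blob: bytes) -> None:
        d = hashlib.sha256(blob).digest()
        self.known_good.add(d)
        self.bloom.add(d)

    def verdict(self, blob: bytes) -> str:
        d = hashlib.sha256(blob).digest()
        if not self.bloom.might_contain(d):
            return "unknown"            # definite miss: no round trip needed
        self.server_lookups += 1        # possible hit or Bloom false positive: confirm
        return "known" if d in self.known_good else "unknown"
```

A byte-identical re-download hashes to the same digest and stays "known"; the tampered copy and the uncommon binary both miss the filter locally, which is the behaviour the red banner in the repro is consistent with.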
