Everything is allowed to do that. You're right that it's not good security-wise which is why Apple blocked that sort of thing years ago. On Windows unfortunately the whole Win32 ecosystem is very dependent on programs injecting things into other processes, the API makes it quite easy and there's lots of sample code for it. It's a major source of stability and crash bugs there.

For example, antivirus products do this all the time, as do many video drivers and other system utilities.

Also, Explorer has various plugin interfaces where it'll load third party code and run it in-process since the very first version.

It's never a security flaw that a program running with administrator privileges is allowed to do something.

And this has been the case since Windows NT in 1993 according to a presentation I saw from Sami Laiho where he strongly argues that you don't need and should be a admin account as default.

From microsoft's documentation [1] > Administrator-to-kernel is not a security boundary.

I recommend the talk https://www.youtube.com/watch?v=Y09nAxZFKzc

[1] https://www.microsoft.com/en-us/msrc/windows-security-servic...

The security flaw is the administrator.

It's a security flaw that too many programs have too many privileges. Windows should have pervasive fine grained permissions like any other modern OS.

Yes and no. Windows has a very fine grained permissions system, including at the admin level. The problem is that it was designed for multi-user systems in the 90s, so the permission and security systems are mostly concerned about keeping users safe from each other, and having administrator roles for managing those users and doing system-wide tasks. Preventing a process from injecting code into another process by the same user running in the same session just isn't in the original threat model, since it's just the user screwing with their own stuff.

The shift towards protections from malware happened mostly as a consequence of Windows XP. There are now better controls, like assigning low-trust processes like a browser's renderer a low integrity level to prevent them from doing that. But it's also late enough that it's hard to rock the boat too much without breaking existing applications. Microsoft tried to make a clean break and offer more sandboxed applications with a user-friendly package manager (called the Microsoft Store) but this wasn't well received by app developers: most didn't use it at all, and those that did often opted out of the sandboxing.

Windows pervasive fine grained permissions is better than UNIX, it goes all the way down to OS resources.

The OS isn't to blame when people give root access left and right.

Actually this is why macOS got SIP.

Windows has a very fine grained permission system. But as you can see, the issue isn't a lack of this system.

What’s the difference between an uninstaller and any other process running as root?

Uninstaller likely running with admin privileges or as system. Despite it's huge surface area, explorer is not a super privileged binary on windows and is essentially a userspace program that has tons of open ports to plug in for many many apps. Locking it down like this would likely cause a lot of apps to break. I know for a fact microsoft keeps very close eyes on crash reports of their core apps such as explorer, and if your app causes a fault in explorer and you're registered on windows developer portal you'll get notified of this when they roll out beta insider preview releases.