Also legitimate software (i.e. firewall/AV) cannot use "oldschool" tricks like system service descriptor table hooks to obtain godlike privileges these days, while malware sometimes can do this by exploiting vulnerabilities, so in such cases it may be an unequal fight.