UAC is not a security boundary and windows update system is hacked

I wonder if this is the windows update thats ended up on my laptop despite it having the wrong date of installation and was installed only after my samsung android was plugged in to charge from the laptop indicating besides my iphone being hacked so is a new samsung phone. And Ive never put this laptop since installation online and thus never done a windows update or downloaded updates from the windows catalogue website!!!

I think the only safe way forward is check kb updates against the ms kb catalogue
https://www.catalog.update.microsoft.com/Home.aspx

And do what the app store does, it adds a user account to its folder which even the system account doesnt appear to have write access to. So app store apps can use the OS but the OS cant touch the app store folder!

Despite most things appearing in the registry including most group policy settings, there is a small subsection of group policy settings which are securiry based and dont end up in the registry, which makes life awkward as that means no easy programatical way to set group policy settings and thus no easy way to lock down a computer, unless you have your own IT dept, who do it, make an image and that image is installed onto workstations throughout the organisation.