When logging into Windows as a standard user, a logon session is created and a token containing only the most basic privileges is assigned. In this way, the new logon session is incapable of making changes that would affect the entire system. When logging in as a user in the Administrators group, two separate tokens are assigned. The first token contains all privileges typically awarded to an administrator, and the second is a restricted token similar to what a standard user would receive. User applications, including the Windows Shell, are then started with the restricted token, resulting in a reduced privilege environment even under an Administrator account. When an application requests higher privileges or "Run as administrator" is clicked, UAC will prompt for confirmation and, if consent is given, start the process using the unrestricted token.

From what I understand, what that last sentence means is that either the UAC dialog is displayed before the app loads so that it is started with the unrestricted token, or else if it is started with standard user privileges and needs elevated privileges in between for some work, it needs to get the user's consent and then spawn a new process which then runs with elevated rights. The token assigned when a process starts is what determines its rights. This token cannot be changed later, so if more rights are required, a new process needs to be spawned.

In this way, UAC is not exactly the same as sudo.

Under Windows, the UAC prompt is triggered when you attempt to run an executable that is marked as requiring elevation in a manifest embedded in the file and you're not already running elevated. The behavior is more like setuid than su in that it's the file, not the command that tells the OS that the executable is to be run with different credentials.

It’s because they are different, plain and simple. UAC could have been implemented like sudo, but it was not.

You can think of it as an analogy with network protection.

sudo is like when a program requests network access and your firewall prompts you to grant it or not. You can say yes and the program will open the socket, or you can say no and it will complain about a lack of connection and do whatever it can do without network access (some poorly designed programs actually crash). For example:

function1();
input();
function2();
secure_operation(); //requests access
function3();        //may depend on results of previous operation; error-checking important

UAC is more like the warning that you get when trying to open a file that was downloaded to an NTFS volume. Windows warns you about potential badness and asks if you want to run it (at all) or not. It’s an all or nothing operation; you can’t choose to trust only part of the program and not others. For example:

if (requires_high_priv(program)) {
  if (request_priv(program))
    program();
}
else {
  program();
}

You have to remember that unlike Linux which is geared more towards advanced users and applications, Windows is designed to be user-friendly to as wide a variety of users as possible, so simplifying security is paramount. Moreover, because of its large exposure surface, it is a frequent target for malware, so it makes more sense to either completely trust a program or not at all.

I do not thoroughly know linux architecture, so forgive me if I make a mistake, but my understanding is that Linux and Windows are not that different at all in this respect...

An example... A copy script that does a copy of a normal file to a non protected location and a file trying to copy to a protected location, then a regular copy again.

My understanding is that in Linux, an application simply runs and tried to do an action - if it doesn't have permission to do that action - it will fail that action, but carry on. In the example above - when running the copy script in Linux as a regular user, it will copy the regular file, give a permission issue and copy the second file - if run with sudo, it will do all three copies.

Windows is exactly the same in this regard - running the script as a non administrative user will simply copy one, permission issue the second and copy the next. With UAC, it will run all three.

The difference is that a lot of Windows applications simply have a configuration set so that they ask for UAC elevation by default and quit/fail if they don't have it.... but, that is becoming a lot less.