How would one achieve this on Windows short of having the entire Windows install be isolated from your main OS? I would assume most users would not want to run their games in a VM inside Windows for performance reasons.
It would probably be better just to have a separate partition with a separate OS install. Either way, as you indicate, this is an unusual imposition on the user. Valve are holding themselves to a much lower standard than one would expect.
Disable the Steam service. Run Steam only on a separate user session with limited rights (no admin and no access to your files). So essentially you'd have to manually switch user, via the login screen, to play your games.
As far as I'm aware, Steam makes its own folder writeable by everybody. Besides, you should get an error instead of the UAC if you're running as a non-admin account.
