What changed was the availability/cost of hardware and much improved graphics driver situation. Vista RTM had some serious driver performance issues thanks to the new WDDM. Although resolved later in it's lifecycle, it was too late to shed that stigma.
I agree, but I think that technology journalists were too harsh on this aspect of Vista. It was Microsoft's only really serious attempt at shoring up single-user security on Windows, and I think that its poor reception contributed to Microsoft neglecting to make any improvements thereafter. xkcd.com/1200 is still embarrassing relevant over a decade later.
I think it was too early really. These days everyone bugs you with confirmation screens. IOS, macOS, Android all do it too.
But in the vista days security was not yet so much on the radar for most people. In fact even for companies. I remember working for a company where all the laptops had the same local admin password which was the company name + "123". I'm not exaggerating. There was also no full disk encryption used. These were also the days most websites would use plain http.
With that in mind I just don't think the importance was clear yet to most users. They just saw the negatives, not the benefits. Post Stuxnet and Wannacry/NotPetya things are really different.
Ps: it wasn't like that for all of course. I also worked for another company in the late 90s that had all their laptops equipped with windows NT 4.0 with full disk encryption (aftermarket of course as it wasn't yet built in), managed admin account and the whole shebang.
Plus Vista's UAC was far too intrusive.