My company operates in a Windows centric industry and our software team uses it as well.
It turns out you don't need administrative privileges for a lot of dev work (installing and running vs code, python, node, many databases, etc...).
My experience is that sudo apt-get install is a Linux Distro thing, most programs don't need special permissions as long they are installed in user scope.
So, answering your question, our devs are like regular users: when they need to install something that needs privileges they call IT. Surprisingly, that rarely happens.
Privilege escalation on Windows is super easy though, every red teamer I know has a bunch of ready to use exploits (most of them public) up their sleeve. And it is virtually impossible to get a good baseline of a developer's machine, so I'm pretty sure every SOC out there is simply allowlisting huge swaths of your software.
You can sorta kinda harden these systems, but that would only work against common malware. And you generally can't isolate senior engineers in their own little DMZ, so any RAT on their machines usually leads to catastrophic consequences.
Privilege escalation is a red herring. Everything you need to compromise production from a developer PC is either available for a regular user or not available at all.
It turns out you don't need administrative privileges for a lot of dev work (installing and running vs code, python, node, many databases, etc...).
My experience is that sudo apt-get install is a Linux Distro thing, most programs don't need special permissions as long they are installed in user scope.
So, answering your question, our devs are like regular users: when they need to install something that needs privileges they call IT. Surprisingly, that rarely happens.