If all the OS security measures are useless in the face of untrusted software, why were they introduced? Should we just run Windows 98 and FAT32 on our servers since it's apparently basic security knowledge that Windows NT's system of user accounts and permissions doesn't work?