Q. What does your method do that a limited account wouldn't do?

A. While a limited account is, in most ways, even more restrictive than my method, it does not explicitly deny write access to the kernel, leaving the account vulnerable to privilege escalation exploits. My method, on the other hand, employs a "deny" ACL entry, which takes precedences over all "allow" entries. SQL Slammer demonstrated the inadequacy of a limited account way back in 2003; my method alone has held strong since I devised it in the summer of 2007, defending against nasties like Conficker and Mebroot.