Re: "Can anyone offer a reason for using this segmented crap"
OSes use only two rings because most CPUs but Intel's had only two levels, supervisor and user. Therefore, for compatibility (even NT supported MIPS and Alpha), designers used only two. Moreover, the more ring transitions, the lower the performance.
But looking at it from a security perspective, the Intel design, which proposed ring 0 for the core kernel, ring 1 for I/O routines, ring 2 for system libraries and ring 3 for applications, was very sound and clever, and would have led to a much more secure OS (albeit a quite slower one). It was defense in depth.
It's just that, for a long time, and probably still, most companies have been obsessed with performance only, and we see how many avoidable security bugs turn up each month.
But as long as many people have been brainwashed that designs made forty years ago, based on much more primitive CPUs, are the best ones and don't need to be revised and updated, we'll keep on having to face big vulnerabilities.
Even more so when CPUs start to be designed around outdated OSes, instead of vice versa. As more advanced features disappear from CPUs, it will be impossible to design and create a more secure OS; let's keep on living in the '70s... and having the same security.
It's impossible to create a secure OS without hardware support; software-only security is far less robust. But people usually understand such issues only when they hurt them badly.
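As an added example (not part of the post above, nor any vendor's code), here is a small C model of the x86 segment-level privilege checks that make the four-ring layout the poster describes (kernel in ring 0, I/O routines in ring 1, system libraries in ring 2, applications in ring 3) a defense-in-depth scheme rather than a single supervisor/user boundary. The check rules follow the Intel SDM (data-segment loads, call gates, IOPL and ARPL); the function names, the IOPL value of 1 and the confused-deputy scenario are this example's own assumptions. It goes a little beyond the post by also showing why ARPL is needed once there are middle rings.

```c
/* Added example: model of x86 protection-ring checks for the four-ring
 * layout discussed in the post. Rules per Intel SDM Vol. 3, ch. 5;
 * function names and sample ring assignments are this example's own. */
#include <stdbool.h>
#include <stdio.h>

typedef unsigned int ring_t;   /* privilege level 0 (most) .. 3 (least) */

static ring_t ring_max(ring_t a, ring_t b) { return a > b ? a : b; }

/* Loading a data-segment selector into DS/ES/FS/GS succeeds only if the
 * effective privilege max(CPL, RPL) is numerically <= the segment's DPL.
 * Hence ring-3 code can never reach a DPL-0 kernel data segment, and
 * ring-1 I/O code cannot reach it either. */
bool can_load_data_segment(ring_t cpl, ring_t rpl, ring_t dpl)
{
    return ring_max(cpl, rpl) <= dpl;
}

/* A far call through a call gate is the sanctioned way into a more
 * privileged ring: the caller must satisfy max(CPL, RPL) <= gate DPL and
 * the target code segment must be at least as privileged as the caller
 * (target DPL <= CPL). Anything else raises #GP. */
bool can_call_through_gate(ring_t cpl, ring_t rpl, ring_t gate_dpl, ring_t target_dpl)
{
    return ring_max(cpl, rpl) <= gate_dpl && target_dpl <= cpl;
}

/* IN/OUT and friends fault unless CPL <= IOPL (the TSS I/O permission
 * bitmap can additionally allow individual ports; not modelled here).
 * With IOPL = 1 only ring 0 and the ring-1 I/O routines may touch ports. */
bool io_instruction_allowed(ring_t cpl, ring_t iopl)
{
    return cpl <= iopl;
}

/* ARPL: a privileged callee raises the RPL of a selector it received from
 * a less privileged caller to at least the caller's CPL, so the callee
 * cannot be tricked into touching data the caller could not touch itself. */
ring_t arpl_adjust(ring_t selector_rpl, ring_t caller_cpl)
{
    return ring_max(selector_rpl, caller_cpl);
}

/* Layout from the post: kernel 0, I/O 1, system libraries 2, apps 3. */
static const char *ring_name[4] = { "kernel", "I/O routines", "system libraries", "applications" };

int main(void)
{
    /* Which ring's data can each ring touch directly (RPL == CPL)? */
    for (ring_t cpl = 0; cpl < 4; cpl++) {
        printf("ring %u (%-16s) data access:", cpl, ring_name[cpl]);
        for (ring_t dpl = 0; dpl < 4; dpl++)
            printf(" ring%u=%s", dpl, can_load_data_segment(cpl, cpl, dpl) ? "yes" : "no ");
        printf("  I/O=%s\n", io_instruction_allowed(cpl, 1) ? "yes" : "no");
    }

    /* Confused-deputy scenario (constructed): a ring-3 app passes a selector
     * whose RPL bits it forged to 0 into a ring-2 library routine. */
    ring_t forged_rpl = 0;
    printf("library loads forged selector unadjusted: %s\n",
           can_load_data_segment(2, forged_rpl, 2) ? "ALLOWED (deputy abused)" : "denied");
    ring_t fixed_rpl = arpl_adjust(forged_rpl, 3);
    printf("library loads selector after ARPL:        %s\n",
           can_load_data_segment(2, fixed_rpl, 2) ? "ALLOWED (deputy abused)" : "denied");

    /* Ring transitions only through gates the kernel chose to expose. */
    printf("ring3 -> ring0 via gate DPL 3: %s\n", can_call_through_gate(3, 3, 3, 0) ? "ok" : "#GP");
    printf("ring3 -> ring0 via gate DPL 1: %s\n", can_call_through_gate(3, 3, 1, 0) ? "ok" : "#GP");
    return 0;
}
```

The access matrix printed by `main` is the point of the poster's argument: a bug in a ring-2 library or a ring-1 driver does not hand the attacker ring-0 data, because the hardware check runs on every segment load, not only at the one supervisor/user boundary a two-ring OS keeps.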