Accuracy
Access control shells, like monitoring tools, depend upon the virus or Trojan horse working in an expected manner. On personal computer systems, this is not always a valid assumption. If the virus uses methods that the access control shell does not monitor, the monitor will produce false negatives.
Even with the access control shell, a well-behaved virus can modify any program that its host program is authorized to modify. To reduce the overhead, many programs will not be specifically constrained. This will allow a virus to replicate and is another source of false negatives.
False positives can also occur with access control shells. The system administrator must have sufficient familiarity with the software to authorize access to every file the software needs. If not, legitimate accesses will cause false alarms. If the system is stable, such false positives should not occur after an initial debugging period.
Ease of Use
These tools are intended for highly constrained environments. They usually are not appropriate for the average user at home. They can also place a great deal of overhead on system administrators. The access control tables must be rebuilt each time software or hardware is added to a system, job descriptions are altered, or security policies are modified. If the organization tends to be dynamic, such a tool will be very difficult to maintain. Organizations with well-defined security policies and consistent operations may find maintenance quite tolerable.
This software is easy for users, though. They simply log in and execute whatever programs they require against the required data. If the access control shell prevents the operation, they must go through the administrator to obtain additional privileges.
Efficiency
An access control shell modifies the operating system so that additional security procedures are performed. This implies some amount of overhead when any program is executed. That overhead may be substantial if large amounts of data must be decrypted and re-encrypted upon each access.
Administrative Overhead
An access control shell should not require frequent updates. The software is not specific to any particular threat, so the system will not require updates until new techniques are devised for malicious code. On the other hand, the access control tables which drive the software may require frequent updates.