If the user is constrained by policy to run a small set of programs against a known set of data files, an access control shell may be the appropriate choice. As an example, consider a data entry clerk who is permitted to run one particular database application and a basic set of utilities: mail, word processing, and a calendar program. An access control shell can be configured so that any changes to executable files by that user are deemed illegal operations. Additionally, if the set of executable files is restricted for the user, it is difficult to introduce a virus into the system. The virus is unable to spread if it can never be executed.