All password and other access control systems are designed to protect the user's data from other users and/or their programs. Remember, however, that when you execute an infected program the virus in it will gain your current rights/privileges. Therefore, if the access control system provides *you* the right to modify some files, it will provide it to the virus too. Note that this does not depend on the operating system used--DOS, Unix, or whatever. Therefore, an access control system will protect your files from viruses no better than it protects them from you. Under DOS, there is no memory protection, so a virus could disable the access control system in memory, or even patch the operating system itself. On more advanced operating systems (Unix, OS/2, Windows NT) this is much harder or impossible, so there is much less risk that such protection measures could be disabled by a virus. Even so, viruses will still be able to spread, for the reasons noted above. In general, access control systems (if implemented correctly) are only able to slow down virus spread, not to eliminate viruses entirely. Of course, it's better to have access control than not to have it at all. Just be sure to not develop a false sense of security or come to rely *entirely* on your access control system to protect you.