The firmest barriers to apply MAC to defeat malware programs are the incompatible and unusable problems in existing MAC systems. It's difficult to avoid malware problem in the commodity OS enforce a practical access control approach to tackle the malware problems. Design a novel MAC enforcement approach, named tracer, which incorporates intrusion detection and tracing in a commercial operating system. The approach conceptually consists of three actions: detecting, tracing, and restricting suspected intruders. The other is that, rather than restricting information flow as a traditional MAC does, it traces intruders and restricts only their critical malware behaviors, where intruders represent processes and executables that are potential agents of a remote attacker.