Access control is an important technique to protect computer files. Aiming at malwares that attack files, the paper proposes a quantified estimation method, and points out that the fragibility of prevalent access control policies lies in authorizing programs to access files what the user can access. The paper novelly proposes an access control policy based-on user's intention, which is able to defend unknown file attacks, and has extraordinarily less risk than prevalent access control policies. Furthermore, the paper proves security properties of the policy presented, and its application is discussed.