What is wrong with DAC?

- Programs have full control over the access given to files they create.
- Therefore there is no protection against malicious software or "social engineering".
- Example: trick a user into running a program, and it can listen on a TCP port that is not firewalled, accept remote logins, and allow full control of their account.
- When program A runs program B, both programs MUST have access to every file each of them needs, with the exception of SUID programs (in which case program B gets full access but program A doesn't).
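The following added example (not part of the original slide) shows two of the DAC properties above on a POSIX system: the owning process can widen a file's mode with no policy consulted, and a child process inherits access to everything its parent can open. The file name, its contents and all function names are constructed for illustration; `world_accessible` is a small audit helper added for the defender's side.

```python
import os
import stat
import subprocess
import sys
import tempfile


def mode_bits(path):
    """Return only the permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def owner_widens_access(path):
    """Under DAC the owner may set any mode; no system policy is consulted."""
    os.chmod(path, 0o666)
    return mode_bits(path)


def child_reads(path):
    """Program A (this process) runs program B (a child). B runs with A's
    UID, so it can open A's files whether or not it needs them."""
    code = "import sys; print(open(sys.argv[1]).read(), end='')"
    result = subprocess.run([sys.executable, "-c", code, path],
                            capture_output=True, text=True, check=True)
    return result.stdout


def world_accessible(directory):
    """Audit helper: regular files granting any permission to 'other'."""
    return [name for name in sorted(os.listdir(directory))
            if os.path.isfile(os.path.join(directory, name))
            and mode_bits(os.path.join(directory, name)) & stat.S_IRWXO]


def demo():
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")  # constructed sample file
        with open(secret, "w") as f:
            f.write("private data")             # constructed sample content
        os.chmod(secret, 0o600)                 # owner-only to start with
        before = mode_bits(secret)
        seen_by_child = child_reads(secret)     # B was never granted access
        after = owner_widens_access(secret)     # owner's discretion alone
        return before, seen_by_child, after, world_accessible(d)


if __name__ == "__main__":
    print(demo())
```
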