Policy on malware (malicious software)