Malware should certainly be considered unauthorized software and addressed using the techniques listed in Control 2<\/a>. Maintain a listing of approved software and its business need can be readily compared to all software that has been detected. <\/p>\n