Web-based malicious code is broken down into the following:
Web-based = portable to all OS or platforms such as HTTP, Java and others
Malicious code = virus, Trojan or worm
Simply put, the malicious code doesn't care what the operating system maybe or browser. It infects them all blindly.
Lax security policy = The lack of concern for security policy or protection methods through the company. This includes lax network security or no security such as IDS or firewalls (yes people still think like this today!). On the other hand, policy are the rules that a company will use to enforce rules such as viewing unapproved material (Rate R or XXX) while on the job. If there is no written policy then a company cannot fire someone for viewing such material at work.
For more information on this topic, visit these other SearchSecurity.com resources:
This was first published in March 2003