been waiting for this for a while now...!
Posted Jun 11, 2009 1:20 UTC (Thu) by sitaram (guest, #5959)
Parent article: Passive OS fingerprinting added to netfilter
I've long disallowed IE users access to the 'net through the proxy server I admin at work, but that only uses the user agent header, which can be faked.
But once this wends its way through and becomes part of a default install, I'd love to use this to stop such shenanigans, and even more critical ones like infected machines calling out to their mommies, for instance.
Things like Cisco NAC try to look deep inside a PC's software config to see if it's OK to allow the machine to connect, but I don't believe this actually makes a big difference. I've seen the best protected machines get hacked, and malware piled on that the most up-to-date AV couldn't detect.
And so I've never had any compunction (in my own little world) about "encouraging" people to stop using Windows. This will be a real boost to that effort!
Take that, Cisco NAC ;-)