Hey Hey,

My roommate and I were discussing this earlier and it happened to tie in with some work I was doing at the college today..

Why wouldn't something similar to Proxy Authentication do the trick... While something that caches on the router wouldn't be sufficient.... Something that creates a cookie would do the trick. If these programs are self-contained (which I believe is what was previously mentioned) the odds of them having the proper code to connect to a proxy, authenticate and store/use the cookie seems very unlikely. The user logs in in the morning and the first time they use IE, they authenticate... They get a cookie and the proxy reads the cookie and allows the users to access the internet using http/https. At the same time, since the odds are the malware code can't properly authenticate against the proxy, it'll be stopped dead... If nothing else it will be another cog in the wheel to slow them down.

Peace,
HT