<* input type="button" value="Show screen resolution" onclick="alert('Your resolution is ' + screen.width + 'x' + screen.height);">
The limitation is that malware detection engines, like those run by the anti-malware firms, Google and Microsoft, probably operate with standard resolution settings or in headless full-screen mode. Anyone know if a virtualized browser with no display still has a DOM screen property? I'm sure it probably does, but is the default full-screen mode? Even still this trick might be just enough for nefarious search engine optimizers (SEOs) to tell if sentient insiders of major search engines or affiliate networks are snooping around. They’d be able to dynamically remove telltale signs of cheating like cookie-stuffing and cloaking that get them banned.
OS X does not seem to be supported, but that could probably be remedied. All the browsers auto-loaded the applet except IE8, which requires user permission. I believe in most cases the automated malware detection engines running IE8 would explicitly grant permission to increase the odds of getting infected. It is also possible these guys spoof their MAC Address, but I’m sure not everyone does so religiously. Another question is if Flash, ActiveX, or Silverlight have non-user permissions wags to obtain MAC Addresses.