Interesting concept, but how can you apply it to a whole team?
Like any enterprise software you need support for it. Worse, these restrictions are demanded by a gov client, which is very paranoid about security. So ... having a Chinese software processing their data... not a very good idea
Actually, the demand is that every time an applet is loaded a prompt will appear, and the user should accept it. For example, going to Google main page would mean to click OK seven times. This should prevent some web appl attacks. The problem is that the users will not be able to browse anymore, and they need this option in order to do their job (for other clients).
I was thinking that a better browser protection will make the agency withdraw the request.
I tried Avast sandboxing at home and at work. At home it works just fine, but at work it doesn't work so well. I can browse to some sites, but not to others. I think that you cannot browse to a site with an invalid certificate. As an example our Nessus has the self-created, unsigned, certificate, so I wasn't able to go tp the Nessus web page.
Now, I don't know if I should ask the help of the Avast team (we aren't even their clients), or to try to find another solution to this problem.