one could imagine a scenario like a bank website refusing to be accessed unless the entire OS & browser stack pass attestation - as that would rule out things like keyloggers, malicious browser extensions, and session hijacking.
The important part is that "malicious" isn't up to you to decide anymore; if you have any "unapproved" software that acts in your interests and not others', this could theoretically be used to lock you out too.
The important part is that "malicious" isn't up to you to decide anymore; if you have any "unapproved" software that acts in your interests and not others', this could theoretically be used to lock you out too.