The ideas about improving the CU extension's handling of User Agents are pretty good. It may be worth noting that the linked UserAgentString.com does offer an API (http://useragentstring.com/pages/api.php), and although an in-house solution could be used this would reduce dev time a little.
As for forged UAs, I doubt it's going to be possible to do anything other than state that the provided UA is non-standard