They actually can detect all of it. Simba included. At least on Windows they have the power to do it. Detecting SMART and RSBot is as easy as detecting the applet is embedded in a JFrame which isn't done when using a browser. They could easily stick something into Applet.init(); which EVERY bot & browser has to call to load the "signed" applet. Of course a bot like RSBot can remove it but can they remove native code? ;]
They could also use reflection as well. And if all that fails, then screw it and use C & JNI.
Could stick their code right into Jaclib.dll or Jaclib.so. Then get whatever information they want. Also since you grant them permissions when you run the applet, they can check processes easily..
Every time you load the applet, each of these:
is downloaded to your computer on both Linux, Mac & Windows. Anything can be placed in them. Don't under estimate Jagex (which is done way too often).
It's not that they CAN'T.. It's that they DON'T. Big difference.