| With banking, I just don't do it online. I take
| the approach of operating safely when online
| and avoiding banking, shopping, etc. Those things
| simply can't be made safe. Even with a read-only
| laptop you still risk things like man-in-the-middle
| attacks in your connection to the bank.
|
| Then you limit yourself to the range of banks (and other
| institutions) with which you can operate. And, your choices
| will diminish, over time.
|

I pay $1/month for a paper statement. I doubt
very much that I won't be able to get a statement
any time soon. Even if they didn't mail it, one can
go into any bank for a printout as desired. Doing risky
things online because I *might* have to someday is
not a good reason to me.

| "Operating safely" is almost impossible. Too many drive-by
| attacks -- even on big "well known" sites. Hence the approach
| of getting the machine into a known, safe state and ensuring that
| it can't be changed from that state.

You sound like you know what you're doing, so I
wouldn't be inclined to tell you that you should change,
but my way also works. Nearly all possible online attacks
require javascript. Most of those also use secondary
vulnerabilities, such as iframes or Flash. I rarely enable
script online. When I do, I do it in Firefox with NoScript,
to limit the exposure. I don't have AV or malware
hunter software. And I've never had a malware problem
of any kind.

I wouldn't recommend that approach to everyone.
People who don't want to learn the basics and do
want to access the Internet as "consumers", with
extensive functionality to shop, play games, bank,
Facebook, etc will need AV. But my way, understanding
the risks and disabling script, is far safer than the
person with all the latest patches and AV, but who
enables script online. There's simply no way to make
that safe.