This document presents a way you can use online banking with greater safety, even if your computer has been compromised with malware. I am starting to do this myself, and the inconvenience is not too bad. In today's dangerous online world, I recommend everyone does the same.
The idea is to split computing tasks into different classes of sensitivity. This is a similar principle to the government classifying information as "secret" or "top secret", etc. In a home context, online banking would be "top secret", while everything else on the computer is "secret". To keep these separate, use virtualization software to run multiple virtual machines for the different classifications.
I tried this myself for several weeks, to gauge how feasible it is. I used VMWare Converter to create an image of my physical machine, and VMWare Player to use it. Both are free downloads. My overall impression is that it is not feasible to work inside a virtual machine at all times - the performance impact is too great. Performance aside, my impressions are positive:
But there are some problems:
If you want to try this out, I recommend the following. This is not what I did, but it seems a better approach, in particular avoiding the need for two Windows licenses.
Once you've done this, you would usually boot into Linux and use the Windows VM. Do online banking directly in the Linux partition. If after a while you decide you don't like this arrangement, you can simply boot directly into Windows.
There are a number of virtualization products available. I decided to try VMWare, primarily because of its reputation, and have been happy with the results. So far, I've been using the evaluation version of VMWare Workstation. When this expires I will have to decide whether to pay for the full product, or switch to either Player or Server, which are free.
To get started I used VMWare Converter, which creates a virtual machine by copying a physical machine. This did work very well, but using virtual machine images has some inherent problems. You need a lot of disk space for the image, and you can't easily get at files inside the VM from outside it. Also, if you use both the VM and the physical install of Windows, you should have two Windows licenses. For these reasons I recommend avoiding Converter, and instead pointing the VM at the physical partition.
Some issues I hit:
The idea is that the Linux host operating system will have high security. This comes not from elaborate protections, but simply from doing as little as possible in the host OS. You need to apply the basic precautions of firewall, automatic updates and anti-virus. Beyond this, all desktop attacks rely on some kind of user-initiated action. A desktop that is only used to access a small number of highly trusted sites is at relatively low risk.
The VM for day-to-day use still needs to be well secured. Because of all the browsing, downloading and such, it is at high risk. You absolutely need to take the basic precautions, and it is worth taking further precautions.
The security of the host OS is dependent on malicious software in the VM not being able to affect the host. This is a design goal for virtualization, although it's not completely achieved. There have been security problems with VMWare, but not a huge number, and it is encouraging to see that people are looking for these kinds of problems, and they are being fixed. There are also convenience mechanisms, such as shared clipboard and drag and drop, which reduce separation. I recommend these be disabled. Also, take care about firewalling - you need the host to be firewalled from the guest.
A common use for VMs is as a "red zone" for performing risky tasks, such as trying out software downloaded from the Internet. VMWare provide a free VM for doing just this.
One option for protecting online banking is to do that work inside a VM, while doing all day-to-day work in the host. This is not a strong security control - it is possible for the host to control the VM. However, it provides enough security by obscurity to defeat most or all current malware.