Yeah, I thought about it. But I don't know how I could keep the VM secure, so I might end up doing my Internet banking on a malware-infested system.
I wouldn't trust myself to keep the latest version of Windows secure, given that I haven't used Windows in over a decade, so I'm pretty sure I can't be trusted to keep XP safe. (As far as I'm aware, the "security" software that the bank's ActiveX control communicates with only runs on XP.)
> But I don't know how I could keep the VM secure,
It's simple, really.
Set up the VM. Do a snapshot. Every time you need to use the shit website, launch the VM, open the site in IE and nothing else. When you're done, shut down the VM and reset it to the known good snapshot.
Well, this assumes that it won't be compromised during an Internet banking session. Since I have a workaround (use the mobile app for personal banking, go to the bank for business stuff - which I don't need to do often) it doesn't seem worth the trouble and risk.
The bank requires their own ActiveX control and external software which the ActiveX control communicates with, both of questionable quality. Surely that's one of the more likely attack vectors you could have on a system?
I wouldn't trust myself to keep the latest version of Windows secure, given that I haven't used Windows in over a decade, so I'm pretty sure I can't be trusted to keep XP safe. (As far as I'm aware, the "security" software that the bank's ActiveX control communicates with only runs on XP.)