Just recommend a decent AV, and have a policy on the online banking website that looks for key interceptors before showing the logon page.
Take our secure gateway... all over SSL, before the logon page either a Java or ActiveX control is downloaded and checks for anything that intercepts keystrokes, and also any known naughty viruses currently loaded into memory. Also downloads a cache cleaner that removes traces of accessing the site.
Followed by RSA token authentication.
That gets you in. Although if you want to download files to your local system from the gateway the system checks for a local certificate and registry entry to see if you're an authorised device, as well as checking for up-to-date (bar 2 updates) antivirus that's turned on, Windows firewall is enabled, latest service pack (we wait 3 months before updating it so users have a chance to update) and any major / critical security patches are applied too. (Users get 48 hours for these).
Anything fails, then system explains in plain English including screenshots how to get your system back to health.
The point is, transactions can be very, very secure. Nothing is perfect - if a user writes down their encryption password for their laptop, and keeps their RSA key, and their domain username/password all in the same laptop bag and it gets nicked then the security is gone.
But banks can, and should, make more of an effort.
And leave IE / Windows out of it. FF and Safari are like blocks of Swiss cheese - and that's without the FF add-ons people rave about until it crashes FF or installs a pre-approved Mozilla virus! Linux requires just as many updates as Windows, and OS X is hardly a security hardened OS either.
Good system administration can make any software stack as secure as the next. Show me a user friendly, daily use OS that doesn't require AV, firewall and patching and I'll get my coat.
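
The download gate described in the post above, sketched as an added example (not part of the original post and not the poster's gateway code). The thresholds come from the post; the field names, the reading of "bar 2 updates" as "at most 2 updates behind", 3 months taken as 90 days, and integer service pack levels are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Thresholds from the post; names, fields and messages are assumptions.
MAX_AV_UPDATES_BEHIND = 2                    # "up-to-date (bar 2 updates)"
SERVICE_PACK_GRACE = timedelta(days=90)      # "3 months", taken as 90 days
CRITICAL_PATCH_GRACE = timedelta(hours=48)

@dataclass
class Posture:
    has_device_cert: bool
    has_registry_entry: bool
    av_enabled: bool
    av_updates_behind: int
    firewall_enabled: bool
    service_pack: int
    # Release times of critical patches the client has not installed yet.
    missing_critical: list = field(default_factory=list)

def evaluate_download(p, now, latest_sp, latest_sp_released):
    """Return (allowed, reasons); reasons are shown to the user on failure."""
    reasons = []
    if not (p.has_device_cert and p.has_registry_entry):
        reasons.append("This device is not registered as an authorised device.")
    if not p.av_enabled:
        reasons.append("Antivirus is turned off.")
    elif p.av_updates_behind > MAX_AV_UPDATES_BEHIND:
        reasons.append(f"Antivirus is {p.av_updates_behind} updates behind.")
    if not p.firewall_enabled:
        reasons.append("Windows Firewall is disabled.")
    # During the grace period the previous service pack is still accepted.
    in_grace = now - latest_sp_released <= SERVICE_PACK_GRACE
    required_sp = latest_sp - 1 if in_grace else latest_sp
    if p.service_pack < required_sp:
        reasons.append(f"Service pack {required_sp} or later is required.")
    overdue = [t for t in p.missing_critical if now - t > CRITICAL_PATCH_GRACE]
    if overdue:
        reasons.append(f"{len(overdue)} critical patch(es) are past the 48-hour window.")
    return (not reasons, reasons)

# Constructed sample data, not taken from any real gateway.
NOW = datetime(2024, 6, 1, 12, 0)
SP_RELEASED = datetime(2024, 4, 1)           # 61 days before NOW: inside grace
healthy = Posture(True, True, True, 2, True, 2, [NOW - timedelta(hours=47)])
stale = Posture(True, False, True, 3, False, 1, [NOW - timedelta(hours=49)])

if __name__ == "__main__":
    for name, p in (("healthy", healthy), ("stale", stale)):
        print(name, evaluate_download(p, NOW, 3, SP_RELEASED))
```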