I usually use a Linux USB boot pendrive to log on to the bank.
But I wonder if it is possible to use a USB PortableApps with Firefox.
Or another browser - where it is possible to lock out communication to the hard disk. Then - I think - the connection will be safe.
Eyvind.
Starting with your main question, locking down the hard disk is probably possible, although it would likely require modification to Firefox itself, and thus be impossible to distribute on this site, due to the specifics of John's agreement with Mozilla; essentially, he can use the logo, but Firefox itself must remain unmodified - hence, everything that makes it portable is within the launcher. And locking communication with the hard disk would probably not be possible with that. Not to mention, it might well require a privileged account, which would also make it not truly portable by PA.c guidelines.
Besides the above, locking down the hard-disk is only one part of keeping your bank details safe. It's perfectly feasible, if the system has already been compromised (and until compromised, any OS or browser will make your details just as safe - though Linux is still a good idea, being far less likely to be infected), that a program could reside entirely in memory, capture the details into memory, and send them off to its creator across the net, all without ever touching the hard-disk.
Simply put, there are just too many things to consider for this idea to be viable, or maybe even for it to be possible.
I think blocking communication between HD and USB media would be in this case very problematic, I mean it would have to have a clear list of policies on both sides stating where what can write and read. After all, those are Windows apps and will therefore certainly need read access to the system area to do all the jobs, some of the called functions will need to use some temp writing etc. After all, Firefox does not do any TCP/IP communication itself, it just uses the subsystem of the OS etc.
There was an attempt to make a slightly more closed OS for special purposes, it was called Bankix. Based on some Knoppix structure, it uses a kind of locked squash file system, so read-only for any external software. Therefore the actual OS is read-only even when copied to a USB stick, but one can still have a separate data space for variables and own files.
Try to google for Bankix.
Otto Sykora
Basel, Switzerland