Can you expand more on how it helps you with web-banking?
First, let's get the obvious out of the way: it doesn't help a whole lot if the host machine has been compromised. With that out of the way...
The above-mentioned NemID has been shoved down our throats. It was commissioned by the big financial interests, and being run by a private (and, it unfortunately seems, darn incompetent) company. If it was just
a banking system, it would be kinda OK - at least it offers two-factor authentication. BUT:
1) it's becoming mandatory for interacting with the government - so it should be classified as critical infrastructure (yet still being run by a private company, and iirc hosted by a company owned by a US company... patriot act...)
2) it's used for digital signature stuff. While technically there's cryptographic certificates involved, they're stored in escrow, giving us no control over them. While this might be safer than having a password-protected keyfile for 99% of the Danish population, it's scary that we have no alternative
3) not only does NemID require a Java plugin (keep in mind how many security holes Java has had over the years), it has a signed Java applet that's really just a boostrapper, which downloads an unsigned java applet at runtime... and this unsigned applet contains native libraries invoked via JNI.
4) the company behind is extremely arrogant, having claimed that any possible attacks were purely theoretic, etc. Didn't take long before we saw the first real-world MITM attacks against it.
5) <tinfoil-hat>being shoved down our throats, and designed how it is, it would be the perfect trojan-launching vessel for the PET
So yeah, I definitely want to keep that piece of crap contained in a VM. Also means I can keep the Java plugin out of the browser I use for everyday stuff, and thus be a helluva lot safer in general browsing. Just like my main browser, the one in the VM also has AdBlockPlus+NoScript+Certificate Patrol+Ghostery - and it's only
used for web-banking and other NemID-requiring sites.