I agree that it's a very grey area .
I can easily picture a scenario where a customer suffers fraudulent transactions on their account , but the bank denies any liability or responsibility
because the customer did NOT do x , y or z .
This could be anything from running with no AV to using an AV that is not on the bank's approved list , or using a browser that is not " approved " .
eg. one that is a fork of Chrome or Firefox ( despite them often being more secure ! ) .
Then add-in the fact that most GNU/Linux users neither use nor need an AV .
I started thinking about this issue when a bank began pushing " Trustee Rapport " , with a recommendation that all customers install it on their systems .
I refused it , simply on the grounds that there is so little info available on what it does , and how ,
( but the bank would claim that this was for security reasons ) .
Does that make me legally culpable for any fraud on my account in the future ?
From a legal perspective , I think the bank would be on shaky ground since it's them that are pushing so hard
for customers to manage all of their banking online , or via mobile phone .
The relentless closing of smaller branches , particularly in rural areas , is one of the results of this business model .
It's particularly hard on elderly customers who may have used the same bank for their whole lives , yet now have to make a journey
into the nearest large town / city to do basic banking transactions , simply because they don't have a computer , or even a mobile phone !