First off, if your machine is controlled by your adversary you're probably fucked one way or another regardless of what your bank does if you give your attacker enough time. Also I run windoze 7... feel free to troll me.
With that out of the way I highly recommend using keepass or something similar, not only do you get the obvious benefit of stronger and unique passwords but if a form wants answers to secret security questions, just pick a question, any of them it doesn't matter, and use a long random hex key as the answer, then store it in the notes section of that key entry in keepass, or don't store it at all, your choice. In short, bank security could be better, there are a few creative ideas above me that could be offered on their end like the firewall between your account and other accounts idea, but there are smart things you can do to avoid the pitfalls of these stupid ass "security" questions.
Also, if you want to sync the database across machines, but are worried that your password may not be strong enough in the event that your online service for syncing is cracked into, do this:
1) set up a keepass database with both a password and a key file for encryption
2) share the encrypted database through your favorite online syncing service, personal home server, dropbox, whatever
3) set up syncing with online service on each machine you want to access the database
4) put the key file on each machine you did in 3, if you want this to be more secure than just a password you CANNOT share the keyfile through the net, but it literally never changes unlike the database so copy pasta across machines with a usb key or similar manually is easy enough
5) additional note: this will save your password database for a non-trivial amount of time if someone has both your online service's password and your keepass password but cannot access the key file, hopefully long enough for you to realize what happened and change your passwords.
6) as a corollary to that: if your machine is hacked and the hacker is smart enough to search for the keepass database and the key file then you're screwed, note that naming the file cleverly, using a clever file type extension, or putting it somewhere obscure does not help since keepass "remembers" where it is, so all the attacker has to do is find where keepass stores that info and the easiest way to do that is simply start keepass...
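Added example, not part of the original comment and not KeePass's own code: a simplified model of the password-plus-key-file scheme in steps 1 to 5, showing that the synced file plus the password alone does not unlock the database, along with the random hex security answer. The function names, the PBKDF2 stretch, the round count and the `db-check` tag are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from typing import Optional

KDF_ROUNDS = 100_000  # assumption for this sketch; real tools make this tunable


def new_key_file() -> bytes:
    """Steps 1 and 4: 32 random bytes, created once, carried by USB, never synced."""
    return secrets.token_bytes(32)


def security_answer(nbytes: int = 16) -> str:
    """Random hex answer for a 'secret question'; keep it in the entry notes."""
    return secrets.token_hex(nbytes)


def master_key(password: str, key_file: Optional[bytes], salt: bytes) -> bytes:
    """Hash each factor, hash the concatenation, then stretch with PBKDF2."""
    parts = hashlib.sha256(password.encode("utf-8")).digest()
    if key_file is not None:
        parts += hashlib.sha256(key_file).digest()
    composite = hashlib.sha256(parts).digest()
    return hashlib.pbkdf2_hmac("sha256", composite, salt, KDF_ROUNDS)


def make_header(password: str, key_file: Optional[bytes]) -> dict:
    """What lands on the sync service: a salt and a key-check tag, no secrets."""
    salt = secrets.token_bytes(16)
    key = master_key(password, key_file, salt)
    return {"salt": salt, "check": hmac.new(key, b"db-check", hashlib.sha256).digest()}


def can_unlock(header: dict, password: str, key_file: Optional[bytes]) -> bool:
    """True only when every factor used at creation time is presented again."""
    key = master_key(password, key_file, header["salt"])
    tag = hmac.new(key, b"db-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, header["check"])


if __name__ == "__main__":
    kf = new_key_file()
    pw = "constructed sample passphrase"  # constructed value for the demo
    synced = make_header(pw, kf)
    print("password + key file:", can_unlock(synced, pw, kf))
    print("password only      :", can_unlock(synced, pw, None))
    print("hex answer         :", security_answer())
```
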