Is online banking safe on Linux?

Modern Firefox is far more private than Chrome and has less vulnerabilities. I generally recommend against Chrome where possible.

The easiest thing you can do to avoid malicious websites is install add-ons:

NoScript
UBlock Origin

For the latter you need to enable the filter lists, but many are updated multiple times per day, so you'll at least avoid dodgy website redirects and be alerted if there if something going on. NoScript stops scripts running and, over time, you can mark certain website scripts as trusted. The legwork is in the first week marking certain scripts as trusted, but in time you'll be thankful you did.

Mint Linux is the one to go for, it's a separate distro that is essentially Ubuntu but with a nicer interface for beginners. Enable the firewall, no need for anti-virus on a platform such as Ubuntu/Mint Linux. Updates are regular but the core kernel can be reversed if you find a slow buggy updated kernel. This has only happened once to me in 4 years of use, so I recommend it over Apple/Microsoft OSs now. It's particularly good for niche programs you simply don't get on the other two major platforms.

that is pretty paranoid TBF

I disagree with the AV comment. 10 years ago maybe, but not any more.
There are Linux viruses, and whilst Linux is generally secure, but so is Windows these days if you don't disable UAC.

^^ This.

First rule of Anti-Virus - only ever have one running at any one time. They intefere with each other and will cause you all kinds of grief.

Do online banking sites work without scripts?

I believe it to be safe, have used Linux for banking/business for years. Another Mint user here.

I tend to go with safe use of the system rather than on-access AV products, anything dodgy happens in a VM, filter emails and web adverts/scripts/plugins, no copied software, basically attempt to avoid the main routes of infection. I do run an occasional clamav scan, haven't tried the on-access bit but might have a try. I do like the look of things like Cylance but not sure it's easy to license for a single machine. AV can introduce it's own vulnerabilities, I tend to trust the Linux system developers more. Plus as mentioned above AV can constrain versions of kernels and other software, which might force you to run a vulnerable one. I'd rather keep the system up-to-date and take the risk of things breaking (which has been rare).

For trusted sites I tend to enable scripts/adverts, the browser plugins make that fairly simple.

Some don't work, so you then allow certain scripts for that site. It's a one click effort to allow that sign. NoScript will still block CSS (cross-site scripting) and other nasties.

You don't need google-analytics or other services allowed for websites to work and that's the reason you need 'ublock origin' (not ublock solely, as this is another product) to allow dyanmic updating of filter lists that block known advert and malware domains.

If you use linux trusted sources and don't log on using sudo (super user) then you won't be getting any viruses any time soon. In all years I've never seen one; in fact I suggest you're likely to get hacked from bugs and code faults in the anti-virus itself unless you start installing random software from random sources.

Trusted sources are authenticated with the ubuntu and mint linux community and none yet have contained viruses. The viruses on Apple OSX are related to the mistakes Apple coders have made when adding on to linux, not the base linux architecture itself.

An anti-virus won't stop buffer overflow CVEs due to the way the kernel architecture is, so if you're targeted and hacked the anti-virus, that runs above the kernel level, isn't capable of noticing this. If you keep the kernel software updates enabled you'll be fine.

The paranoia of windows users isn't applicable for linux, the threats are from random software so be a good person and install them within a sandbox, of which there are many software offerings within linux. You can even run your firefox banking browser within a sandbox.

1.3 ftw!