Re: best anti virus?
I accept a VM or any other sandbox will prevent propagation into network. Let's say you download a copy of norton ghost or a virus scanner. Malware is clever enough to detect the VM. You give it a test, well it seems ok provided it can run inside a VM. Install it on your system and all goes tits up.
Well, other than the Photoshop and some other (legal) resource intensive programs acquired from reliable sources, I run everything on VMs. For example, I have a VM for my Dot Net 2005 development, one for Dot Net 2003, one for Visual Studio 6, one with just SQL Server, etc. This practice keeps my main machine very clean. I carry VMs between work and home easily. It doesn't get any better than this.
I am a firm believer of VMs and I think that it is one of the best recent things that ever happened in the industry. I have worked with big companies who have replaced their entire QA labs with 30+ computers (where they certify their products on different environments, OS, etc) by a couple of physical machines running several different virtual machines. Those companies were very reluctant in the beginning to use VMs in production environments but the trend has been recently increasing to do that too.
So to answer your question, running a newly downloaded program on the main machine hardly ever comes up.