Just thought of one potential hitch...
If one is running a browser in a sandbox, can the browsing protection feature of the system's anti-virus software still monitor it? Or are the two completely isolated from each other? If the latter, then sandboxing a browser would be slightly self-defeating in this regard.
When you think of it, all the effort to do this vs the risk of exposure or incident, I don't think it's worth it. If you're that worried about browsing, use one device to do that and keep your other machines locked down. Maybe even disable ports 80 and 443 on your FW (good luck with that, BTW). In any case, my view is effort outweighs the exposure. Unless you're often going online stoned or drunk or to naughty websites. Behavior is the best defense.