I think it is a great idea to set up a VM to use a web browser in.
Microsoft has one you can test out:
http://www.microsoft.com/downl...413c8ef&displaylang=en
VMware has others that are almost ready to download and run without doing much of anything to them; typically these are Linux distributions like Ubuntu 8.04.1 or Fedora 9 or whatever with Firefox 3.01.whatever at least in the latest packages of them. Try to find one made within the last few weeks so it'll be more likely to have more of the recent OS and browser security updates already applied to it.
http://vmware.com/appliances/
As others have said, some very nasty kinds of malware can detect VMs and break out of them due to bugs or intentionally insecure configurations of the VM software itself. Needless to say, it is a bad idea to permissively share lots of drives / major folders between the host OS and the VM, et al.
If the VM has network access, as others have said, it can potentially use the network to attack your local host machine or other machines on your LAN. As others have said, you can set the VM guest to use a more isolated LAN configuration so that it is not on the same logical network as your host machine or other machines on your LAN.
You can start by giving the VM guest an IP address in a different block than the host, e.g. if the host LAN is 192.168.1.10/24, you could set the VM guest as 10.10.0.10/24 to make it harder for IP level packets to go between VM guest and VM host LAN machines.
You could also set up a VLAN if your software / systems support that and put the host LAN on VLAN #1 and the VM guest on VLAN #2 or whatever.
Of course MAC based firewall rules could help also.
You might even be able to share a USB Ethernet device from the host to the guest and have the guest thereby have a totally isolated physical NIC for its usage.
Even though it is kind of kludgy and I agree with the first response saying that software should just be engineered to be secure in the first place, given the realities of the world, using a VM is a good additional layer of security. It would be unlikely to hurt (make the situation worse) and it might help in most cases.
Make a habit of restarting the VM from a 'clean' image every time or at least if you have any doubt if the VM has been compromised. It is quite possible the VM could get compromised, but it'd be unlikely to spread to the host if you don't let the VM evolve / remain compromised for long under rootkit control.
This sort of configuration would work well with some kind of internet based bookmark system so you can save your bookmarks and share them to the guest VM even after you clean start the VM or don't allow it any persistent local storage use at all.
Playing back stuff like HD video would be a bit limited in the VM due to the lack of GPU / CPU performance compared to the host, but mostly it'd be pretty good.
You could end up with some DRM problems due to the use of the VM if you buy / play DRMed media from the browser in the VM.
It'd be especially good for commerce since you could, say, do your online banking from a clean restart of a VM so you wouldn't have to worry about other browser sessions stealing data from this one or whatever.
IMHO major software programs like browsers, probably even video games, et al. should just be *designed* to run in a VM from the start. This would minimize security issues and also make the portability of applications between PCs better in the case that you want to upgrade or whatever.
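As an added example (not part of the original post): a small Python audit of a VMware `.vmx` file for the three settings the post warns about, namely shared host folders, a guest sitting on the host LAN, and a disk that keeps changes across restarts. Both sample configs are constructed, and treating a missing `connectionType` as bridged is an assumption.

```python
import re

# Constructed sample configs (not from the post); key names follow the VMware .vmx format.
WEAK_VMX = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/user"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "browser.vmdk"
'''
HARDENED_VMX = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
sharedFolder0.present = "FALSE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "browser.vmdk"
scsi0:0.mode = "independent-nonpersistent"
'''
ASSIGN = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
DISK = re.compile(r'^(scsi|ide|sata|nvme)\d+:\d+$')

def parse_vmx(text):
    """Return {lower-cased key: value} for every key = "value" line."""
    pairs = (ASSIGN.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in pairs if m}

def audit(text):
    """Return (device, finding) pairs for settings that weaken guest isolation."""
    cfg = parse_vmx(text)
    on = lambda key: cfg.get(key, "").lower() == "true"
    findings = []
    for dev in sorted(k[:-len(".present")] for k in cfg if k.endswith(".present") and on(k)):
        if dev.startswith("sharedfolder") and on(dev + ".enabled"):
            findings.append((dev, "host folder shared into guest: " + cfg.get(dev + ".hostpath", "?")))
        elif dev.startswith("ethernet"):
            # Assumption: an adapter with no connectionType is treated as bridged.
            if cfg.get(dev + ".connectiontype", "bridged").lower() == "bridged":
                findings.append((dev, "bridged onto the host LAN"))
        elif DISK.match(dev) and cfg.get(dev + ".filename", "").lower().endswith(".vmdk"):
            # Without non-persistent mode, a compromise survives the next boot.
            if cfg.get(dev + ".mode", "persistent").lower() != "independent-nonpersistent":
                findings.append((dev, "disk writes survive a restart"))
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_VMX), ("hardened", HARDENED_VMX)):
        print(name, audit(text) or "no findings")
```

A disk flagged here is still fine if the VM is reverted to a clean snapshot before each session; the check only looks at the disk mode.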