What approach do you consider the best for a Computer Science student, software developer, or other person who must write, compile, and execute arbitrary code on their computer? Furthermore, why? And how would you implement this approach? If you are a student, developer, etc. then what has your experience with it been? Please explain after choosing an option. Edit: Note that I mean this in terms of protecting the OS from ordinary malware, not protecting it from the consequences of deliberately executing code that does Bad Things. e.g. Picking up a rootkit like TDSS would fall within the purview of this; accidentally running a script that deleted C:\Windows\System32 would not.