said by StuartMW:
To positively prevent your PC from being infected you must isolate the browser/Java from the rest of the machine. VM or Sandboxie will do that.
It seems to me that separate accounts will go a long way: assuming sensible use of file protection on behalf of the user (i.e., don't go assigning "everyone: full"), then the only thing that a runaway Java app or other malware can do is to destroy that account.
Whether or not a separate account (with limited capability, naturally) is more palatable than a VM is up to the user to determine, I suppose.
Me, I'd probably plump for separate hardware.
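
The separate-account approach in the reply above depends on no file or folder granting "everyone: full" or similar. The following is an added example, not part of the original post, that audits a folder tree for access entries giving the Everyone group write-capable rights. It assumes Windows with PowerShell 5.1 or later; the function name `Find-EveryoneWritable` and the audited path are illustrative choices.

```powershell
# Added example: list files/folders whose ACL lets the Everyone group
# (well-known SID S-1-1-0) modify them. Such items stay exposed to code
# running under any account, including a restricted browsing account.
function Find-EveryoneWritable {
    param(
        [Parameter(Mandatory)] [string] $Path   # root of the tree to audit
    )

    # Rights that allow changing content, deleting, or rewriting the ACL,
    # plus the raw GENERIC_ALL / GENERIC_WRITE bits seen on inherit-only entries.
    $named = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $mask  = ([int]$named) -bor 0x10000000 -bor 0x40000000

    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL: $($item.FullName)"
            continue
        }

        # Ask for SIDs instead of names so the check works on any display language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.IdentityReference.Value -ne 'S-1-1-0') { continue }
            if ($ace.AccessControlType -ne 'Allow')         { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $item.FullName
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Audit the current user's profile; run it once per account that holds data.
Find-EveryoneWritable -Path $env:USERPROFILE | Format-Table -AutoSize
```

An empty result means nothing under that path is writable through an Everyone entry; entries with `Inherited` set to True are fixed on the parent folder that defines them.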