The answer to this depends on how paranoid you want to be.
Even if you were running a Linux live CD in a virtual machine on your system (which is destroyed when the virtual machine is halted), your system is still vulnerable. For example, if a keylogger was installed on the host, it wouldn't matter if you were typing your password into your heavily invested Internet Explorer window (with 400 addon bars) or a completely clean virtual machine. The keys are still being intercepted on the host. There is no virtual machine boundary to cross and the malicious software doesn't even notice that you are using a virtual machine -- it doesn't care.
An acceptable solution (again, depending on how far you want to take this) is to boot a Linux live CD on the host OS and do whatever you need to. You will be in a clean operating system that is destroyed the moment the computer is shut down. The problem then becomes how secure the websites you use are. One could take it even farther than that, but we are at the point of being ridiculous.
I didn't give an answer to one of your questions and it deserves an answer. You mentioned two different installs on different disks. This seems good in theory, but is actually really bad in practice. When you are using either operating system, you are (likely) running as an administrator, which means you have control over the hardware on the system. If you there is a piece of malicious software running on the system,
it is running as you, which means it also can control hardware. You can see where this is going. It has access to the other hard drive, and if it is programmed to do so, it could infect the other operating system without it even being booted.
Personally, I think this is all absolutely silly with proper measures taken, including responsible browsing habits combined with good safeties in case something goes wrong. Out of all the years that I've been using computers, I've not once had an infection on a system (Windows or Linux) because I always take precautions and verify what I'm doing. For example, if I don't know the domain of a link sent to me from someone I know, I do quick research into it to find out what it is. I've seen quite a few friends have their MSN accounts stolen and seen the thief start sending out links to further infect other people. I'm rambling at this point, but I'm saying that blindly clicking is bad.