
Are there any tools out there or methods available to download a suspect file for analysis without having to worry about being infected?


1 Answer


Downloading into an AV-style quarantine usually implies that the file is encoded or encrypted in some way to completely disable any ability it might have to attack the OS through a metadata exploit or accidental execution. This, however, would negate your ability to analyse the file.

Virtual machines are probably your best bet. As long as you disable certain sharing mechanisms that are often bundled as default features with VM products (e.g. directory sharing) the isolation should be very good.

Here's my usual procedure, within a VM:

  1. Ensure that any config tools (e.g. VMware Tools) that are installed on the virtual machine have been removed. The malware may leverage these to enable certain sharing features.
  2. Download the file to a directory using wget or an alternative, without having that directory open in any kind of browser (e.g. Windows Explorer). If such a window were open, metadata may be read from the file.
  3. Go into the VM settings and disable the network card and all other unnecessary hardware.
  4. Take a VM snapshot in case the malware trashes the machine.
  5. Begin analysis, and write up your findings on the host OS so you don't have to break quarantine to export them. If you have to export something, it is significantly safer to enable clipboard sharing than it is to enable the network card and upload the file somewhere.

If you can use a dedicated machine for this work, it is always wise to do so. It allows you to configure a firewall on the host that limits outgoing traffic from the VM, without the danger of the malware disabling it. It also allows for easier containment should something bad happen.

Of course, the most secure solution would be to analyse any executables on a platform that doesn't support them, e.g. analyse Windows malware on Linux. However, it may be more difficult to find good analysis tools.

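Step 2 of the answer above, the command-line download into a locked-down directory that is never browsed, as an added example that is not part of the original post. It assumes a quarantine directory of `$HOME/quarantine`, a `.quarantine` suffix that no application is associated with, and `wget` plus `sha256sum` on the guest; run it inside the VM before disabling the network card.

```shell
#!/bin/sh
# Added example, not code from the original answer. Fetches a suspect file with
# wget (never via a browser), moves it into a quarantine directory that no file
# manager has open, strips execute bits, neutralises the extension so nothing
# auto-opens it, and records its SHA-256 for the write-up on the host.
# QUARANTINE_DIR and the ".quarantine" suffix are assumptions of this example.
set -u
QUARANTINE_DIR="${QUARANTINE_DIR:-${HOME:-/tmp}/quarantine}"

# quarantine_file SRC NAME: move an already-fetched file into quarantine.
# Prints the final path on stdout; returns non-zero if any step fails.
quarantine_file() {
    src="$1"; name="$2"
    # 0700: no other local account (and no guest-side share) can read it.
    mkdir -p "$QUARANTINE_DIR" && chmod 0700 "$QUARANTINE_DIR" || return 1
    # Keep only safe characters in the name and add a suffix no application
    # is associated with, so a double-click or shell handler will not run it.
    safe=$(printf '%s' "$name" | tr -c 'A-Za-z0-9._-' '_')
    dest="$QUARANTINE_DIR/${safe}.quarantine"
    mv -- "$src" "$dest" || return 1
    chmod 0400 "$dest" || return 1          # read-only, never executable
    # Record the hash so the analysis notes can prove which sample they cover.
    sha256sum "$dest" | awk '{print $1}' > "$dest.sha256" || return 1
    printf '%s\n' "$dest"
}

# quarantine_download URL: fetch with wget into a private temp file (no
# directory listing is ever displayed), then hand it to quarantine_file.
quarantine_download() {
    url="$1"
    tmp=$(mktemp) || return 1               # mktemp creates the file mode 0600
    wget -q -O "$tmp" -- "$url" || { rm -f "$tmp"; return 1; }
    quarantine_file "$tmp" "$(basename "$url")"
}

# is_executable PATH: small check used to confirm execute bits are gone.
is_executable() { [ -x "$1" ]; }
```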
