I've run secure servers where a default deny policy was essential. Nothing was allowed to run without my explicit permission and consent. On the other hand, I've set up computers for novice users and used a default allow policy which has worked best for them (because they most certainly don't want/need to be spammed with 50 popups about processes wanting to start while their just browsing the local news online, especially since I'd then get 50 phone calls asking me whether to allow or deny each 'mysteriously named' but ultimately harmless process).
In work computer i think the better option it's default deny (in work computer you only need "company" software).
Computer user basic default deny.
Computer user intermediate mix.
Computer user advanced mix but allow like.
None, default deny is bad for people that have low knowledge, default allow is bad because malware will install like there is no tomorrow. Something like AVG Identity Protect is good or Threat Fire.
Default Allow - If a program/file is detected as malicious it will be removed. Simple-as.
I compare Default Deny to running trusted and untrusted software in the same environment, but without an Antivirus available to help identify real threats.
Edit: Work/Business networks operate differently to home environments, and require tighter control over their networks, therefore my opinion is based around home use only.