1. boot from DVD, import seed, sign tx, shut down, transfer to online and broadcast
this means each time you want to spend you have to both install the wallet and import your key or seed
2. install it on a removable media like a USB disk or a portable hard disk.
this way you can add additional things such as encryption and save the settings such as disabling network completely. and you won't have to import your key every time.
1. You could modify the ISO to add script and software you might need before burn it to DVD, so you just need to import your key/seed.
You also could import encrypted wallet file if you want some convenience.
2. Remove network card is better solution, unless you're using notebook or it's embedded on your motherboard.
If an attacker knows (e.g. because you are telling everyone, or because you are some known person in the community) that you own about X - Y bitcoins, he won't be happy with seeing 1/10 X or even less of that in your non-password protected wallet.
I mean.. you might be able to deceive attacker which aren't familiar with BTC and wallets, but in any other case it will be pretty obvious that the full amount is protected with an additional password.
This might be useful for plausible deniability regarding a person which doesn't know how much you own, but it won't protect you if he knows how much approximately own.
People who worry $5 wrench attack most likely will never tell people how much Bitcoin they have or use pseudonymous identity, so i think such scenario is unlikely.
It's different case when someone realize possibility of $5 wrench attack after they've done something stupid.