Thin Man wrote:
Using a VM doesn't really offer any protection to the guest(in this case, Linux), but it does help protect the host. Treat the VM as disposable, and if it gets hosed by something just restore from snapshot and start over. Using a windows VM running inside Windows would probably work just as well. Linux is just easier because you don't have to buy another license in order to avoid activation issues.
Escaping from the VM has been done a few times with the help of an exploit, but it's rare. Keep your software updated and it's not likely to be an issue.
I see. Thanks for the clarification. I'll try it on my machine and see what would be involved in getting the others to buy the idea.
Yes, think of them as "disposable". Moreover, think of multiple machines for different purposes, like: banking for 1, shopping credit card "A" for 2, shopping credit card "B" for 3, general browsing for 4, etc..
Moreover you can keep them "fresh" with earlier snapshots (and then update the thing again). https://www.howtogeek.com/171228/10-vir ... now-about/
Distro-wise, I like Elementary OS for this activity. (..look to youtubes for setting it up in a more customized manner, in particular make sure the windows operate like Windows and go back to a double-click operation to make it more familiar for the user.)
Linux distro's are largely immune to changes without some active involvement of the user (..and sometimes considerable involvement).
There are some things to enforce use:
1. make sure access to any Windows browser is damn hard to find, yet make access to the hypervisor easy to find.
2. setup your firewall to disallow access from browser's on Windows, but allow the VM access.
3. spend at least an hour with the user having them use the system in this manner again, and again, and again - to learn it.
Finally, look to specific browser settings and plug-ins that will block things depending on the use of that virtual machine.