I just had this thought. Let’s say I want to have on my computer several systems, each of which might be compromised, which I’m fine with, but I don’t want 1 system to be able to compromise another. So my default solution for something like this would be to just give a VM to each of them and hope for the best. My question is, is it really necessary? I mean, wouldn’t just doing everything on the host with different user accounts be enough?
I mean, do we have any actual evidence that a VM escape is harder to perform than spreading from 1 user in Linux to another?