general/other Could you use virtualisation to mitigate against legacy OS vulnerabilities?

[taiwan740]

Theoretically, would using a network connected VM running an up-to-date operating system as a guest mitigate against any of the security vulnerabilities of the host, or would the guest also become vulnerable?

My instinct suggests the latter is true.

So for example, if you had an old network connected Windows 7 machine using an older Intel Core 2 Duo CPU (Spectrum and Meltdown vulnerable), could you run FreeBSD 13.2 in a guest and use that for your internet shopping and private browsing?

 

[yuripv79]

Were those 2 ever exploited in the wild?

 

[Emrion]

If your Windows 7 machine is reachable from a network, even your LAN, and even via a VM, it can be compromised. If you want no or few risks, cut Windows 7 from all networks (or better, don't use any EOL version of any OS).

 

[covacat]

as long as the windows box does not talk to anything you are pretty much ok. in theory it does not even need an ip

 

[SirDice]

if you had an old network connected Windows 7 machine using an older Intel Core 2 Duo CPU (Spectrum and Meltdown vulnerable), could you run FreeBSD 13.2 in a guest and use that for your internet shopping and private browsing?

You still have the problem of the spectre and meltdown vulnerabilities. Those are CPU bound issues. The VM guests run on that same CPU.