On the topic of isolating Windows 7 VMs for security, if you haven’t tried it yet, running them on a dedicated VLAN or even just using a NAT-only network inside the hypervisor helps keep things tidy and safe. I even go as far as disabling all unnecessary network adapters within the guest itself—just enough to copy files in/out with a mapped folder, nothing more.
I hit a brick wall getting some old audio interfaces to play nice, even with USB passthrough in VMware—switching to QEMU/KVM, though, with dedicated PCIe passthrough (if your hardware can take it), was a game changer. It’s definitely more effort, but for really picky gear, it’s worth looking into. Just be prepared for some trial and error with PCI slot assignments and maybe a kernel update or two!
On the lighter side: if your apps don’t need deep hardware hooks, I discovered some surprising compatibility by running them inside Windows 10’s “Compatibility Mode” or even giving the Windows Sandbox a go for stuff that isn’t too ancient. Windows Sandbox absolutely destroys sandboxes like Sandboxie for quick testing of portable legacy utilities—it’s fast and wipes out after every shutdown, which is perfect for sketchier old software.
If anyone has managed to get legacy parallel-port hardware working reliably in a VM setup, would love to hear how—I still haven’t cracked that nut!
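One way to check the NAT-only setup mentioned above on a QEMU/KVM host, as an added example that is not part of the original post: it audits a guest's libvirt domain XML and flags any adapter that is bridged or attached to a non-NAT network. Managing the guest with libvirt is an assumption, and the guest name, network names and XML below are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample: libvirt domain XML for a legacy guest (not from the post).
DOMAIN_XML = """<domain type='kvm'>
  <name>win7-legacy</name>
  <devices>
    <interface type='network'><source network='legacy-nat'/></interface>
    <interface type='bridge'><source bridge='br0'/></interface>
  </devices>
</domain>"""

# Constructed sample: libvirt network definitions keyed by network name.
NETWORKS = {
    "legacy-nat": "<network><name>legacy-nat</name><forward mode='nat'/></network>",
    "lab-routed": "<network><name>lab-routed</name><forward mode='route'/></network>",
}

def forward_mode(network_xml):
    """Return a libvirt network's forward mode; no <forward> element means isolated."""
    fwd = ET.fromstring(network_xml).find("forward")
    if fwd is None:
        return "isolated"
    return fwd.get("mode", "nat")  # libvirt assumes nat when mode is omitted

def audit_interfaces(domain_xml, networks):
    """Return (type, source, reason) for each NIC that is not NAT-only or isolated."""
    findings = []
    for iface in ET.fromstring(domain_xml).iterfind("./devices/interface"):
        itype = iface.get("type")
        src = iface.find("source")
        if itype != "network":
            # bridge, direct (macvtap) and similar types put the guest on a real segment
            name = (src.get("bridge") or src.get("dev")) if src is not None else None
            findings.append((itype, name, "not attached to a libvirt virtual network"))
            continue
        name = src.get("network") if src is not None else None
        if name not in networks:
            findings.append((itype, name, "network definition not available"))
            continue
        mode = forward_mode(networks[name])
        if mode not in ("nat", "isolated"):
            findings.append((itype, name, "forward mode is " + mode))
    return findings

if __name__ == "__main__":
    for finding in audit_interfaces(DOMAIN_XML, NETWORKS):
        print(finding)
```

On a real host the two inputs would come from `virsh dumpxml <guest>` and `virsh net-dumpxml <network>`.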