On the topic of isolating Windows 7 VMs for security, if you haven’t tried it yet, running them on a dedicated VLAN or even just using a NAT-only network inside the hypervisor helps keep things tidy and safe. I even go as far as disabling all unnecessary network adapters within the guest itself-just enough to copy files in/out with a mapped folder, nothing more.
I hit a brick wall getting some old audio interfaces to play nice, even with USB passthrough in VMware-switching to QEMU/KVM, though, with dedicated PCIe passthrough (if your hardware can take it), was a game changer. It’s definitely more effort, but for really picky gear, it’s worth looking into. Just be prepared for some trial and error with PCI slot assignments and maybe a kernel update or two!
On the lighter side: if your apps don’t need deep hardware hooks, I discovered some surprising compatibility by running them inside Windows 10’s “Compatibility Mode” or even giving the Windows Sandbox a go for stuff that isn’t too ancient. Windows Sandbox absolutely destroys sandboxes like Sandboxie for quick testing of portable legacy utilities-it’s fast and wipes out after every shutdown, which is perfect for sketchier old software.
If anyone has managed to get legacy parallel-port hardware working reliably in a VM setup, would love to hear how-I still haven’t cracked that nut!