fashizzlepop wrote: Or, more simply, don't become a target...?
If you can avoid it, absolutely. But, at least with this approach, you can, to some degree, afford to be a target. Let's say that on the guest OS, I have a service I know nothing about, listening on a port I didn't secure. This service just happens to have an unpatched buffer overflow vulnerability that allows an intruder to execute a remote shell and gain root. They haven't gained root on my host, just the appliance. So, they can tear that box up all they want. I'll just reinstall it with a few mouse clicks. I'm not worried about them trashing it, because I've got all my backups stored on the host, as well as a multi-gigabyte flash drive I have attached to my keychain. Sure, it's a pain in the ass to reconfigure any changes I made to the guest OS, but at least that's all I've lost. And, maybe the next time I boot up the image, I secure the port.
Also, sorry if you were actually extending what I previously wrote, the question mark threw me off here.