I use sometimes Microsoft Virtual PC or Oracle VM Virtual Box to test software in empty Windows systems. Empty means no anti-virus and only Windows' firewall (activated in the virtual Windows OS). Something I sometimes wonder if there is a risk that: 1. The virtual Windows will get infected with malware/virus via the Internet 2. The Windows OS installed on the hardware can get infected if the virtual Windows get infected I have of course anti-virus and firewall etc. installed in the "master" Windows (that is installed on the hardware). But will this anti-virus / firewall also protect the virtual Windows to 100%? Or may there be a way in, to the system, by attacking the virtual Windows?