Virtual machines mimic nearly all the qualities of a working production OS. The transient nature of virtual machines leads people to be more lax about their security. Users tend to use weaker passwords in VMs than they use on real machines. A VM can be weaker than a real PC because of the break-out-of-VM-to-the-underlying-host issues. There are also potential security solutions that are specifically built to prevent malware infection, but I think of the VM just like I would a real, physical PC.”]
Source: https://www.csoonline.com/article/2633050/re-thinking-the-security-of-virtual-machines.html