You have pointed 2 more dowsides to this approach: 1. Update virtual machines
requieres extra steps and can't be done automatically.
2.- All of this is pointless if you happen to use a compromised router. Which
could use a malicious DNS to point you to a different website than the one
you think you are using, like a fake bank website.
Now I am not saying do not use it, but rather, it seems like is not the right
approach to think that security is something the operative system has to take
care of, instead of teaching the users to be careful.