No the goal is not just that. If the malware uses exploits to take over the VM, the firewall in the linux VM is hopeless because it can be reconfigured. That is why I am separating the firewall in another VM and not bothering with firewalls in the (assumed rooted at worst) ultrasurf VM. A vectorlinux lite workstation currently. Might switch to another linux if you know anything better. Current one does full X and wine (needed for ultrasurf) with 64 mb of memory. The VM holding the malware is currently using a non-persistent virtual disk drive so simply powering it off removes everything if needed (or it could be a liveCD in the future). But the idea is not to kill the beast but keep it running in a cage where it can't do DOS attacks to anyone but its daddy (the ultrasurf server). Why keep the beast alive? To milk it. The milk is the anonymity service.