It's still sounding like your best solution is a virtual machine setup. When you have a VM, the host (main OS) and client VM do not talk to each other. They just share the same hardware resources. Even the network connection, including the MAC, is disparate, with a different IP.
You can set up a firewall and VPN on the VM client, and whatever other tools you want, and it should just work as if it's a separate machine ... because it is.
What you said is correct!
But what I am saying (and I know I am sounding paranoid) is this. Giving you a Windows 10 example.
Windows 10 in itself is a backdoor and spying tool. I spoke to a peer who knows about IT (way more than I do), and he told me this!
Meaning, if the Microsoft mothership wants, the ISP wants, or a hacker wants, your Samsung monitors, for example, get seen and recorded, like Snagit software is able to capture them.
So, what you do in VMware is also seen. Right?
That's why I am moving to Linux. But sometimes I still need Windows.
What I said happens to some people, especially those visiting malicious sites or the dark web who are not well protected.
I intend to become better with security, learn ethical hacking and visit some dark web stuff.
That's why the KVM switch and two devices might be the best route for this.
The 2nd OS might be Tails, for example.