The problem starts with the first system that gets carved into multiple virtual machines. The technology is cool and it has some amazing benefits. But for all intents and purposes, each VM is a distinctly separate instantiation of an operating system (separate from each other and separate from the OS that's running on the bare metal in non-virtual mode) that requires its own security software and updating scheme. In other words, just because you're running anti-virus and anti-spyware solutions on the OS that's playing host to your virtual machines, and just because you're keeping that OS up-to-date with the latest updates, doesn't mean that you're safe. Each virtual machine has to be separately updated, and each virtual machine has to have its own anti-virus and its own anti-spyware. In the "this is pretty cool" department, each virtual machine can also have entirely different personal firewall settings. In other words, the challenges that go with managing a desktop or notebook with 10 virtual machines on it are pretty much the same as the challenges of running a local area network with 10 workstations on it. And yes, there are centralized solutions that are designed to ease the management headaches for IT departments that have to watch over multiple systems, but those solutions are hardly designed or priced for end-user usage.