Can you elaborate on the OS on a USB thing? You mean you'd reboot the machine to the OS on the USB? Wouldn't that trigger things? Or that machine merely a conduit?
If you can convince a machine to boot from USB, then one could make a liveUSB distro which automatically boots the first hard drive in a fullscreen VM (+ remote access), so it would appear to the user and network to be unchanged.
(Not sure how well that works for windows, which freaks out at the slightest hardware change, but it seems to work great for linux - I'm doing that at work to get modern hardware and software support of ubuntu while the software we use is only for centos; if I ever want to go back I just remove my extra hard drive and boot from the original again :) )
Yup, using KVM / Virt-Manager, "Create VM" -> "Use existing disk: /dev/sda" -> "Run". Aside from X getting confused, which was easily fixed [1], everything Just Worked. SSHFS is used so that I can edit code from the native desktop and run it in the VM.
[1] it had the nvidia proprietary driver hardcoded in xorg.conf -- with a blank config, Xorg correctly auto-configures the neuveuo(sp?) driver when it's running natively and the emulated card driver when running in a VM.
A good defense against this would be to have all the local HDs encrypted. That way nothing can run/access the contents of the HDs without the encryption password.
(Not sure how well that works for windows, which freaks out at the slightest hardware change, but it seems to work great for linux - I'm doing that at work to get modern hardware and software support of ubuntu while the software we use is only for centos; if I ever want to go back I just remove my extra hard drive and boot from the original again :) )