Dude, i believe will be hard for someone to tell you this.
You probably won´t have an answer even if you wait months.
That is why NO ONE KNOWS.
Do you know that "most" linux and unix contributions like last year in "open source" and in kernels came from MICROSOFT?
That was for virtualization compability; Even the "main" system has codes made by 1 microsoft man and noone made any review... (when system starts you can see the message of trying to see if the main system is inside a VM)
Or don´t even understand the 20k line codes that man implemented for virtualization.
So noone will be able to answer about packet filter security between host and guest machines... Just because noone knows that.
Besides, the "virtual NIC" system used by virtualization programs are complex and unless you work in those projects you will not know too...
In a Linux Weekly News story, currently only available to subscribers, an analysis of Linux 3.0 contributors reveals that Microsoft was the fifth largest corporate contributor to Linux 3.0...The vast bulk of Microsoft’s contributions has been to its own Hyper-V virtualization hypervisor drivers
They also did it on UNIX, but noone covered how... Or "how much", at least i did not find.
But 1 thing i am sure: The great probability of backdoors in those codes.
After all, i trust MORE on BSD, but NOT 100% TOO.
Read about the CIA BACKDOOR they putted inside BSD like 10 years ago.
I heard the guy that disclosed it was arrested
as a national security treath.
Almost every big corporation fights for data invasion methods... Governments and companies. But 90% of that happens in USA.
USA is not so democratic anymore, with their new laws, if the government tells you an order to do something, like put a backdoor in your system, you "have" to obbey. If not you can be arrested with no rights for national security threath.
With Billions of dollars at stack, would you trust a closed group of people? You just look the most secure system. And that is PC-BSD for desktop.
Unless you are from the power elite, with customized closed hardware and shells, like i saw once with a huge company president, you will never be safe from governments or corporations, and that is a fact.
But normal people will not be able to bypass your security.
If you want government peep security, use an offline computer to work without intrnet and acess the web in stolen wireless connections.
If not, you are already safe inside the probability of a grain of sand in a beach in the middle of the other systems.