Every piece of software has a vulnerability, eventually someone will find that vulnerability and exploit it. Isolating software from the system is an effective way to ensure that the system stays secure even if such a vulnerability is exploited. If vulnerable software is running in a VM and is then exploited, only that VM is compromised and everything else, such as the host machine and other VMs are safe. This kind of approach is very useful in situations where it is inevitable that someone is going to attempt to hack your system by exploiting vulnerable software.
Virtual Machines run operating systems and software in an isolated virtual environment. Hardware such as RAM, *****U, and GPU are also virtualized by the machine and can be set to use only a portion of the host's hardware. Virtual Machines also make use of virtual disks, usually these are hosted from a file stored on the host machine, these virtual disks help keep Virtual Machines isolated from the host. Any properly configured Virtual Machine that is running the proper settings, on the proper host, and running the proper guest operating system is going to be very difficult for things such as malware to escape.
That being said, Virtual Machines are not indestructible, malware can fill the storage of the virtual hard disk rendering it difficult to use. Virtual Machine escapes also become easier if there are misconfigurations such as enabling sharing memory with other Virtual Machines (KVM), or outdated virtualization software. Your Virtual Machines should have the absolute minimum they need to run and be used properly. If they don't need a virtual printer device, remove it. Users also shouldn't solely rely on the Virtual Machine if the OS you are running as the host is not secure, then a Virtual Machine will not protect you.
Qubes OS is an operating system that virtualizes everything, the networking stack, the browser, the document editor, everything is separated in VMs called Qubes, hence the name Qubes OS. Qubes OS runs on the assumption that all software is insecure, and it will eventually be exploited. Qubes' approach to this is to isolate any compromise to minimize its effectiveness and giving the user time to react and take action, such as deleting the compromised Qube. Qubes also has Disposable Qubes, everything done inside these Qubes are deleted after use. Note that this is not for anti forensics, this is rather for situations where something that you are opening or running might be malicious, such as a malicious shell script or PDF. If that something is indeed malicious, you can just close and shutdown that Qube, and it is gone.
Qubes OS however will not protect you if you do not keep it up to date, check for updates every day. Qubes will also automatically tell you if any VMs need updating. You should also create more Qubes than just the defaults, maybe you want a dedicated Qube for your email client, you can do that, and you should do that. Using the same VM for multiple purposes defeats the purpose of isolation. Qubes OS is also particularly vulnerable to Evil Maid attacks, its Anti-Evil Maid doesn't work on TPM 2.0 and TPM 1.2 is practically non-existent any more, Qubes OS also does not support UEFI secure boot.