Simple, trust no one. Get a no-reported-logs VPN, don't download anything that has a strange file size or extension, look at comments, look at the number of seeders if it's a torrent. If you can, join something like a private tracker where there's moderation too. If it walks like a duck and quacks like a duck then it's probably not the movie you were looking for and there might be a Trojan army inside waiting for you to let the duck enter your computer... That metaphor may have fallen apart on me...
I was trying to give general advice. Since it didn't sound like they had a trusted private tracker already, it's a good idea to have a VPN to mask your IP. I agree, it probably won't help against malware.
I added the word "reported" because I don't trust VPN providers to not keep logs, but ideally they should report that they don't keep logs and have an established history of not providing logs. Tor is really not ideal if you're trying to download anything large and you're still vulnerable depending on who controls the exit nodes.
Surf the Web with a VPN, ad blocker, and anti-tracker, and use Linux. In 5 years, I have never encountered a virus or a trojan. Follow these 4 "rules" and you'll be fine on any website.
Depends on what you want. For games, find a trustworthy repacker (fitgirl and dodi are good in my experience) and only download from them. For software, again, it depends. For Adobe products, M0nkrus is pretty good, but I'm unsure about other software. Movies and music are typically quite safe as long as you practice due diligence (basically don't open a file called song.mp3.exe).
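The "strange extension" and `song.mp3.exe` checks mentioned in the comments above, written out as an added example that is not part of any post in this thread. The extension lists and the function names `check_download` and `check_path` are assumptions made for illustration, and the file-header comparison goes one step beyond the filename advice given in the thread.

```python
import os

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".vbs", ".js", ".lnk"}
MEDIA_EXTS = {".mp3", ".flac", ".wav", ".mp4", ".mkv", ".avi", ".srt", ".jpg", ".png"}
# First bytes of native executables: Windows PE ("MZ") and Linux ELF.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def check_download(name, head=b""):
    """Return the reasons a downloaded file looks like a disguised executable."""
    reasons = []
    # Windows drops trailing dots and spaces from names, so ignore them too.
    cleaned = name.rstrip(". ").lower()
    stem, last = os.path.splitext(cleaned)
    # Tolerate padding between the claimed media extension and the real one.
    inner = os.path.splitext(stem)[1].strip()
    if last in EXECUTABLE_EXTS:
        if inner in MEDIA_EXTS:
            reasons.append(f"double extension {inner}{last}")
        else:
            reasons.append(f"executable extension {last}")
    # A media name whose content starts like a program is a mismatch.
    if last in MEDIA_EXTS and head.startswith(EXECUTABLE_MAGIC):
        reasons.append(f"{last} name but executable file header")
    return reasons


def check_path(path):
    """Run the same checks on a file on disk, reading only its first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return check_download(os.path.basename(path), head)


if __name__ == "__main__":
    # Constructed sample names and leading bytes, not taken from real files.
    samples = [
        ("song.mp3", b"ID3\x04"),
        ("song.mp3.exe", b"MZ\x90\x00"),
        ("Movie.2020.mkv", b"MZ\x90\x00"),
        ("setup.exe", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        reasons = check_download(name, head)
        print(f"{name!r}: {'; '.join(reasons) or 'no findings'}")
```

An empty result only means none of these three checks fired; it says nothing about what the file contains.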