Be aware of what you download. Check the file name to verify that it is consistent with what you expected (for example, a media file should end in .avi and not .exe). Refrain from downloading unknown files from questionable websites that promise good times for free (cracked software, pornography and so on). Assess the website where the download is located: a legitimate website should look as if many professionals spent a lot of time developing and maintaining it, while fake/malicious websites look simpler and more basic.
Although any website can be compromised and host malware, pornography, hacks-and-cracks and online gambling websites are notorious for installing malware and other potentially unwanted/unsafe software, so it is better to avoid them.
Be aware that many “freeware” programs come bundled with adware or, more dangerously, spyware that may compromise privacy and security, so think twice before installing and double-check the source and consistency of the file. Software downloaded via a P2P client (even though the client itself is legitimate and clean) should also be treated with extra caution.
Check the context. One way to do that is to consider the source of the download: whether it is a trusted website, a site you know or one recommended by a trusted/professional source. If you are downloading something from an operating system developer's website (let’s say Microsoft), then it’s likely that the download is safe. Another way of checking the context is to refer to user comments, ratings and user forum discussions before deciding to download and execute the file. Many download areas have comments from other users who downloaded the same file. See what other people say about it. Watch for executable files such as .exe, .bat, .pif, and .scr.
See if the file size is consistent with what it should be (a .txt file is usually not 200 MB, and a one-hour movie is not only 12 MB). If not sure, use the on-demand scan of your anti-virus software to scan the file, and additionally type the file name into a search engine to see what shows up about it on forums and security websites. There are also online sources to analyse your file.
If in doubt, think of the potential consequences and do not execute the file.
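The name, type and size checks described above can be automated before a file is opened. The following Python function is an added example, not part of the original page; the size limits, the list of video extensions, the "MZ" header check and the sample files are assumptions chosen for illustration.

```python
import os

# Extensions the page tells readers to watch for (directly runnable on Windows).
EXECUTABLE_EXTS = {".exe", ".bat", ".pif", ".scr"}

# Assumed plausibility limits, chosen for illustration only (not from the page).
EXPECTED = {
    "video": {"exts": {".avi", ".mp4", ".mkv"}, "min_bytes_per_min": 1_000_000},
    "text": {"exts": {".txt"}, "max_bytes": 50_000_000},
}


def assess_download(filename, size_bytes, expected_kind, head=b"", minutes=None):
    """Return a list of warnings; an empty list means no check fired."""
    warnings = []
    name = os.path.basename(filename).strip().lower()
    parts = name.split(".")
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    rules = EXPECTED[expected_kind]

    if final_ext in EXECUTABLE_EXTS:
        warnings.append(f"executable extension {final_ext}")
        # "movie.avi.exe": a harmless-looking extension hidden before the real one.
        if len(parts) > 2 and "." + parts[-2] in rules["exts"]:
            warnings.append("double extension disguises an executable")
    elif final_ext not in rules["exts"]:
        warnings.append(f"{final_ext or 'no extension'} is not a {expected_kind} extension")

    # Windows executables start with the bytes "MZ", whatever the name claims.
    if head[:2] == b"MZ" and final_ext not in EXECUTABLE_EXTS:
        warnings.append("content starts with an executable header (MZ)")

    if "max_bytes" in rules and size_bytes > rules["max_bytes"]:
        warnings.append("file is far larger than expected")
    if minutes and "min_bytes_per_min" in rules:
        if size_bytes < minutes * rules["min_bytes_per_min"]:
            warnings.append("file is far smaller than expected")
    return warnings


if __name__ == "__main__":
    # Constructed samples: (name, size in bytes, expected kind, first bytes, minutes).
    samples = [
        ("holiday.avi", 700_000_000, "video", b"RIFF", 60),
        ("holiday.avi.exe", 12_000_000, "video", b"MZ\x90\x00", 60),
        ("notes.txt", 200_000_000, "text", b"MZ\x90\x00", None),
    ]
    for s in samples:
        print(s[0], "->", assess_download(*s) or "no warnings")
```

A warning from this function is a reason to scan the file and look it up before running it, not proof that it is malicious; an empty result does not prove the file is safe.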