The first line of defense against malware is … you!
You can check whether a file is harmful before you install it. Sometimes you can check before you even download it. VirusTotal (https://www.virustotal.com/en/) is a great website where you can check a file against 40 or so antivirus resources to see if it’s likely to be dangerous. It’s dead easy. A more complete explanation of the site is here: https://www.virustotal.com/en/about/. That page explains how to submit a file for analysis, too. If you do a lot of downloading, you might be interested in the advanced tools, here: https://www.virustotal.com/en/documentation/.
Once you’ve downloaded a file, you can (and should) check it before you install it. So given a choice to Save or Run or Save and Run, the best choice on a file you’re not sure about is Save. When the download finishes, right-click on the file. You will see options to scan the file with your antivirus and antimalware program. Do it! That scan takes seconds!
Even great, safe programs will try to force stuff on you. Sometimes it’s Google Chrome (I’m talking about YOU, Avast! Free) or McAfee Security Suite. (What does that have to do with updating your Java? Stop it, Adobe!) Always choose Custom Install over Typical or Express. Custom Install allows you to decline unwanted programs, toolbars, and search hijacks. Typical or Express installs mean that you accept whatever is offered. Clear the check boxes for the stuff you don’t want.