If your concerned as much about the topic as I am. This is what i do..
# Create a Backup IMAGE of your OS (operating system) partition / drive. If your unfamiliar with Backup Image creation, Clonezilla is probably one of the easiest and free applications to start with, i use command line apps, but one would assume there website would probably also answer a lot of common questions.
# Use a Firewall with Logging capability. I create a disallow ALL by Default Rule on all Ports / Protocalls / Applications, and then Allowed Rules for only selected applications and ports, simple example would be to -Allow Mozilla Firefox.exe TCP ports 80,443 and on windows -Allow DNS svchost.exe UDP port 53
I personally do not use anti-virus. I feel its like taking your car in for preventative maintenance, where you don't know the people or what they are doing. where as creating a Backup Image of your OS, is like having a clone of your car in the garage as Backup ready to go instead. And if any application violates Firewall rules, it will be logged.
ontop of that, I tend to trust Portable apps more than Non-Portable.
Portable apps - can just be extracted / unzipped and run
Non-Portable - require you to go through an installation dialog
.zip are usually portable, .exe is sometimes portable because they can sometime also be simply extracted with 7zip, in which case it may just be a self-extracting exe without an installation dialog requiring Admin privliges.
I personally don't yet have experince with the example I'm about to use, but its the best i can think of at the moment, since I recently downloaded some Emu's I've never used before, and pre-emptively heard about some peoples complaints of pj64 (project 64) containing adware.
If you have or had taken a DL and look at each of pj64 versions, the old ones were portable zip, that later changed to self-extracting zip, and the gap from 2002 -2005 changed to an Installer, and then theres another large gap in release from 2005 - 2013, so I would guess thats the time frame adware was implemented. and as you can see the Unofficall Netplay release uses a non adaware older portable version.
2012-11-03 Project64k_0.41.zip unoffical netplay support version
2013-05-01 setup Project64 2.1.exe
2013-04-01 setup Project64 2.0.exe
2005-04-01 setup Project64 1.6.exe
2002-08-29 pj64_1_5.exe
2001-12-25 pj64_1_4.exe
2001-09-01 pj64_1_3.exe
2001-07-23 pj64_1_2.exe
2001-06-09 pj64_1_1.zip
2001-05-26 pj64_1_0.zip