I would like to prevent to the best of my ability getting malware or virus when torrenting. I know there is never 100% certainty of not getting one, but i'd like to mitigate it. I'd like to ask your advice/expertise.

These are the practices I use. Please build on them if you think there is room for improvement and how.

First off, I use linux (transmission) and only download media (music, movies), no software. I know this already lowers the risks significantly since most malware are on .exe for Windows, however I am aware mp3/mp4 and mkv files can still embed malware to exploit VLC vulnerabilities and also Linux.
I use Proton VPN with kill switch in advanced settings - no internet (at all) allowed when the VPN is not connected.
I limit opening the downloaded media in the PC. After seeding for a few months, I usually transfer them into an external HDD and delete them from the PC. Media may be used in a TV/phone for viewing/listening.
I have downloaded torrent media going into a separate internal SSD which is encrypted (obviously unencrypted when torrenting). This probably doesn't do much, but I get somewhat piece of mind when I am not torrenting and the ssd is locked.
I use normally pirate bay org and get the torrents with the higher number of seeds.

I understood joining some private tracker may help, but I found it difficult to join. Any advice and recommendations are welcome!

you are viewing a single comment's thread
view the rest of the comments

[–] sefra1@lemmy.zip 2 points 1 day ago (1 children)

I'm probably the most security paranoid person you may find here on Lemmy, I'm the kind of person who actually checks the gpg signatures of software I download, and refuses to use anything like AUR.

And I never worried one time in my life about exploits in media files, it's just extremely unlikely that between the time a 0day is discovered, and your system is updated (you do update frequently, right?), that torrent is going to exploit some player or media library.

Last time I heard of something like that, it was like 10 years ago, a gstreamer 0day that got quickly patched.

Executable files aren't going to execute themselves. If you don't chmod +x them they shouldn't execute at all even if you click them. I guess it can depend on your system.

I am much more concerned about internet facing applications like a web browser or torrent client.

[–] ui3bg4r@lemmy.org 1 points 6 hours ago

And I never worried one time in my life about exploits in media files, it’s just extremely unlikely that between the time a 0day is discovered, and your system is updated (you do update frequently, right?), that torrent is going to exploit some player or media library.

Last time I heard of something like that, it was like 10 years ago, a gstreamer 0day that got quickly patched.

Executable files aren’t going to execute themselves. If you don’t chmod +x them they shouldn’t execute at all even if you click them. I guess it can depend on your system.

I am much more concerned about internet facing applications like a web browser or torrent client.

True, the combination of Media Player exploit + Linux + not patched, it is very unlikely. However, what if he is using a Debian based distro? Those may have a couple of year old version of VLC installed in the package manager for example...