Even if the ISO is genuine and malware-free, you might download an old build that is vulnerable to known exploits like EternalBlue or PrintNightmare. When you install it, your fresh system is compromised within minutes of going online.
Microsoft publishes official hash values for every ISO release. After downloading an ISO, use PowerShell (Windows) or shasum (macOS/Linux) to compute its hash. index of windows 10 iso
PowerShell command:
Get-FileHash -Path C:\path\to\file.iso -Algorithm SHA1
Then compare the result with official MSDN or VLSC hashes. If the hash does not match exactly, delete the file immediately. Even if the ISO is genuine and malware-free,
If you absolutely must download from an index of windows 10 iso (for archival or testing purposes), you must verify the file’s integrity. Do not trust the filename or file size alone. Then compare the result with official MSDN or VLSC hashes