Theoretically, all correctly-made VSTs are supposed to work on any application that supports them (IIRC, Logic Pro actually doesn't.) Practically, it's a bit more complicated, and the only way to be sure is to download the VST (or at least its demo version) and run it through its paces: create a project, add the VST, play with the settings, watch if it saves and loads correctly, watch if it loads your CPU too much or leaks memory, see if it works correctly with things like automation and MIDI learn (if it has the latter.)
Viruses/malware are at least a theoretical possibility, since VSTs are at the end of the day just standard Windows DLLs with some pre-specified exports, so anything that can infect a generic DLL can infect a VST.
A bit of a general advice: While trying new VSTs is fun, ending up with five gigabytes of the things you'd never use is counter-productive. Try to either search for VSTs that are good for the specific thing you're doing (A synth with good trance lead, or that extra-spacey stereo reverb or whatewer) or ones with some new to you feature you didn't try before, just to see what happens. Another good thing to look for is VSTs somebody filmed a good tutorial about, if you're new. Even if that VST isn't exactly what you need, you may still learn something that would work with those you do use.