Hello Peter,
Although 2.18 is the nominal stable release, I have found from experience that the development releases are remarkably clean and stable. I engrave massively complex modernist scores with a large amount of Scheme customization and only once in several years have I encountered a bug that affected my work, and that was fixed rapidly by the team (a small matter really relating to tuplet stencils.] If anybody's scores are going to throw up bugs it is going to be mine! And they don't. I get completely clean compiles on hundreds of pages of scores.
I would assert that it is worth using the latest development versions, if for no other reason than the large number of enhancements and fixes available. Also, a lot of the people on the list who are willing to help out do not necessarily keep 2.18 around just to answer questions.
As to Kaspersky, I may well be wrong, but it has the sound of a false positive to me. In such cases the usual advice is to simply turn of the virus program during the install, and then re-enable it. Would that not work? Kaspersky has a well known reputation for throwing false positives - perhaps it makes customers feel good to know that the program is actually doing something, as otherwise it sits in the background apparently doing nothing. I think this is a design decision from Kasperksy. I can assure you that my virus checkers on Windows 10 do not regard that release of lilypond as malware, and it has caused no harm.
Your mail implies you think you are going to be debugging lilypond. I have not had to do that, except once. Not too bad!
Andrew