Since Joomla!, as well as its component VM piggybacks on Apache Web server, the Apache security instructions will make excellent bedtime reading!

Seriously, in order to protect your Downloadable products in VM, you
do not put them in your www/ path. You set aside one or more directories above your www root.
The pointer inside the VM web application points out the specific file related to each individual download and attach a code to that relation. For a user to access such file, without access code, he/she would need FTP access to your hosting service.
_BRI_ I agree with willowtree. You can do this in VM. I think VM has a lot of advantages in comparison with osCommerce, ZenCart and other similar free-standing shops. (Yes I've used them...).
The manual exists, but you'll probably find this forum more helpful when going into the nitty-gritty parts of the application.
Also check this forum a bit further, since one of the members found a way to present a presumptive customer with a way to listen to a piece before buying. Could maybe be interesting for you?
And like willowtree said; please write more descriptive titles in the future, thanx!
Regards
Akerman