Yes, you are correct about routers. Routers do work as a firewall. Even with ports forwarded, they are still acting as a firewall on the other ports. There is no firewall better than a router. Routers mean that you can't be "picked off" as such - hackers can't just randomly find your IP and force your computer to download malicious software and whatnot.
However, if you go and download
Desktop Sheep or something along those lines, you're asking for it
Oh and paranoia isn't necessary. You don't need to fear every single file, just have some common sense about you. Image files, such as jpg, png, etc, cannot contain malicious code - it is simply not possible as they must be viewed with another program. That program isn't going to execute the malicious lines of code because it only recognises the format for that file format. It won't ignore the code, but it won't run it, as the software "doesn't know how", so to speak.
If it were possible, you'd get a billion and one viruses every time you searched something in Google Images.
It's the same for audio and video files.
The aforementioned method of disguising a binary as a jpg by simply renaming the format and changing the icon would not work as it would still attempt to open it in your default image viewing program (Photoshop, GIMP, or whatever). Atleast, thats what I'd assume. I'll try it out and see what happens (with a dummy exe, of course!).
EDIT Yes, I'm correct in my assumption that the way a file is run is determined by the extension alone. By renaming an exe to jpg, my operating system attempts to run that file through Photoshop, which will then simply give an error, and nothing will happen.
EDIT2 Although I just noticed that you actually meant that you put "jpg"
as well as "exe", so it is ".jpg.exe". This is a stupid design choice made by the
geniuses over at Microsoft to make the default setting such that recognised filetypes are hidden - perfect for malicious software to hide from the standard user. Security, my ass...
You have to manually go into the Explorer settings and disable this feature. I recommend that everyone does it.
Open My Documents (or any folder, really), go to Tools, Folder Options, View and then uncheck
"Hide extensions for known file types". That's for Windows XP (I'm still using it!), but it shouldn't be too difficult to find on Windows 7 - it's almost certainly in a similar, if not the same, place.