I'll chime in regarding the "how safe am I because I'm behind a router" point.

Remember that in its most basic form, your home router typically does limited security-related things for you.  I know this stuff has been covered often in other areas of the forum, and I'll apologize in advance for the repetition here (as opposed to referencing other Help forum threads, or providing links to resources on the web).

NAT (Network Address Translation) hides your connected devices from the net at large, in that the router handles all traffic coming into it.  Your home router is the only device your modem knows about--in the case of having a standalone modem, with the router directly connected to it.  Every device behind your router has an internal address that the router keeps track of so it can manage traffic between the web and your devices, and also between your networked devices.  The "outside world" doesn't have access to the internal addresses of the devices on your network, so it can't send traffic directly to them.  All traffic to and from them is handled by the router.

And this is where the other security function comes in, if the router includes it.

SPI (Stateful Packet Inspection) further makes sure that unsolicited traffic (in the form of data packets) is not allowed to reach your networked devices.  Not all routers do this, by the way...and all software firewalls do, but this is a complex process.  I'll dumb it down a bit and use an example below:

Imagine a user (Bartleby), and his computer is connected via a router using an SPI firewall.

1. Bartleby points his web browser at a web page, like www.comcast.net.
2. The web browser sends a packet to www.comcast.net, saying "I'm going to talk to you."
3. The packet goes through the SPI firewall.
4. The firewall notes, "Bartleby is sending a packet to www.comcast.net."
5. The firewall sends that packet on to www.comcast.net.
6. Now www.comcast.net sends a packet back to Bartleby, saying "Okay, you can talk to me."
7. The packet from www.comcast.net gets back to the SPI firewall.
8. The SPI firewall has to decide, "Should I let this packet in?"
9. The SPI firewall notes, "The packet is from www.comcast.net."
10. Because it's been keeping track of its "state", the SPI firewall can check to see if Bartleby recently sent out a packet to www.comcast.net.
11. The SPI firewall discovers that yes, Bartleby sent a packet to www.comcast.net, so this must be a reply.
12. The SPI firewall allows the packet from www.comcast.net on to Bartleby's computer.

This all happens at mind-boggling speed.  (We are talking millions of packets per second, generally, as you browse the web and communicate with other devices in and out of your home network.

Where the SPI protection can leave you exposed is because the communication between your computer and a typical web page is processing all sorts of packets containing the content of said page.  (Text, Graphics, executable applets and other active content, links to other sites, etc.)

Since you asked your browser to load the website, that's essentially a green light from the SPI firewall's perspective.  And that's just for browsing.  Use an e-mail client to retrieve your mail, and you are telling the router to accept all the packets (and their content) associated with sending/receiving mail.  If something malicious is part of that mail content, the router just figures "you asked for it".

A software firewall can apply security rules to further control what's allowed in (or out), and anti-malware apps (eg. anti-virus, anti-trojan, anti-spyware, etc.) can use signatures of known baddies to block them, plus heuristic methods that identify and block things that may not yet have known signatures.

Hence the standard advice to apply a layered-approach to security.  Once you initiate the connection to the potentially "big bad world" of the web, a router generally is supposed to say, "you asked for it, here it is".  What happens after that is up to the security that's active on the system receiving it.  And that starts with your behavior, like your choices of how to configure security options of your hardware and software.  The latter includes the Operating System, and all the applications you choose to run on it (or not)--including how up-to-date you keep them with security patches, etc.

Hope all of the above is of some use.