There are a number of changes to Vista's core that are supposed to help stop malware, though the general consensus is that they're nice sounding on paper, but don't really mean much in practical use.
The Vista firewall is probably good enough for the average home user. Good enough that there's little to be gained by using ZoneAlarm or any of the others. The primary need for a firewall for home users is to stop automated bot probes looking for known exploitable vulnerabilities. You don't need all the bell and whistle bloat in other firewalls to do that. Vista is enough of a resource pig on its own accord without needing you to add to it.
Windows Defender, OTOH, is probably better off being replaced with something else. The anti-virus part of it recently was ranked bottom of the barrel of the major players in the AV market. It's better than nothing, but AVG Free would probably be better still.
Beyond that... While IE runs in a special protected mode in Vista, it's still probably better to avoid using it for anything but downloading security updates. Switch to Firefox or Opera, and you won't have much need for malware tools.
The rest is pretty straight forward... Don't use file sharing (P2P) software, don't use pirated software, don't open unexpected and unsolicited email attachments, don't click on links in email messages claiming to be from a bank or site such as ebay... Pretty common sense sorts of things.
Basically the question boils down to : are Windows Firewall and Windows Defender enough?
So I bought a new laptop - it's running Vista & I noticed that it has these two programs on it. The last time I bought a computer was back in 2001 (its a desktop PC running Win ME and yes I sometimes even still use it), and I had been using Zone Alarm as the firewall and AVG free as the antivirus. Never bothered with malware scanner (a mistake I know) although I woulda picked up AdAware or something similar.
So my plan with my new laptop was basically to go and get these things (or whatever the latest equivalents are) since they are free and seem to work reasonably well. But then I noticed Windows Firewall and Windows Defender, and so I'm wondering if I need to bother. Thoughts?