There are a number of changes to Vista's core that are supposed to help stop malware, though the general consensus is that they're nice-sounding on paper but don't really mean much in practical use.

The Vista firewall is probably good enough for the average home user. Good enough that there's little to be gained by using ZoneAlarm or any of the others. The primary need for a firewall for home users is to stop automated bot probes looking for known exploitable vulnerabilities. You don't need all the bells-and-whistles bloat in other firewalls to do that. Vista is enough of a resource pig on its own without needing you to add to it.

Windows Defender, OTOH, is probably better off being replaced with something else. The anti-virus part of it recently was ranked bottom of the barrel of the major players in the AV market. It's better than nothing, but AVG Free would probably be better still.

Beyond that... While IE runs in a special protected mode in Vista, it's still probably better to avoid using it for anything but downloading security updates. Switch to Firefox or Opera, and you won't have much need for malware tools.

The rest is pretty straightforward... Don't use file sharing (P2P) software, don't use pirated software, don't open unexpected and unsolicited email attachments, don't click on links in email messages claiming to be from a bank or a site such as eBay... Pretty common sense sorts of things.