So, is Vista worth the security investment-upgrade? Apparently NOT. I agree, the answer is not really. Read this CNET article talks more about that. http://news.com.com/Experts+Dont+buy+Vista+for+the+security/2100-1016-6154448.html?part=dht&tag=nl.e703.
To put things in perspective, if you give fully armoured tank to a monkey, he'll still walk out naked to get his banana. If you want a "Secure-Paranoia" OS, run DOS unplug the network and don't communicate, at all. Otherwise, most OS-es can be well secured. I've facilitated a Windows 2000 server environment for years without much threat, so, in conclusion on to that article, yes, get Vista to enjoy the fancy bit which includes automatic security spoon feeding which can be compelling to the novice right down to the hardcores, but don't get it to fix your lack of consciousness and down right ignorance.
Enjoy your Vista, i know i am..