Unless you really need an outbound filtering firewall, the Vista firewall is perfectly safe. I really wish people wouldn't bash it so much just because it doesn't have outbound filtering. I really don't care about outbound filtering. It isn't something I care for and it really doesn't help security IMO. As far as I'm concerned, once something is on my system, it's over. How can I really trust a software outbound filtering firewall running on an infected machine? How do I know it just didn't add itself to the allow list? How do I know it isn't disguising itself as another process? The sad truth is you really can't.
Don't go with an outbound filtering firewall just because you hear the Vista firewall isn't secure enough. Also, I think everybody would agree that you should have a hardware firewall such as a router. Having a separate rig specifically used for a firewall is definitely an option too. Also, since it would be an outbound filtering firewall on the edge of your network rather than on an infected machine, it would actually provide you with security benefits. This way the infection can't really interfere with the firewall.
Either way you should have a software firewall and a hardware one, especially if you have other computers set up within your network. What kind of software or hardware firewall solution you end up with is really up to you.