First and foremost is Protected Mode, which shields the operating system from actions taken by Internet Explorer or any Internet Explorer add-ins. So even if malware breaks Internet Explorer's security features, it shouldn't be able to do harm to your PC, because Protected Mode in essence locks Internet Explorer inside a safe box. Protected Mode isn't available in IE 7 in Windows XP; it works only in the Windows Vista version.
Internet Explorer in Windows Vista also benefits from the same security features that are built into the Windows XP version. The anti-phishing filter does an excellent job protecting against phishing attacks, and the browser has also cracked down on potentially dangerous ActiveX controls and dangerous add-ins. (See our in-depth of Internet Explorer 7 for details about these and other improvements in IE7.)
Those who have been longing for a true firewall for Windows will be pleased to know that Windows Vista includes a two-way firewall. The firewall in Windows XP only blocked dangerous inbound connections, but did not provide any protection for unwanted outbound connections. So if your PC was invaded by a Trojan or spyware, those programs would be allowed to make outbound connections unimpeded. Windows Vista changes that, and the Windows Firewall includes outbound protection as well.
As with Windows XP, you can customize how inbound protection works by opening and closing ports, blocking and unblocking programs, and so on through Windows Firewall Settings, available via Control Panel > Security > Allow a program through Windows Firewall.