The Vista Firewall can be configured to provide outgoing protection, but it is set to allow it as default. IMO it is quite complicated to configure it properly and is not a task for the novice. I would therefore recommend that people use a third-party firewall.
I've just re-read my above post and I don't think that I put it very clearly.
To clarify: the Vista Firewall is capable of providing two-way protection but is set to allow ALL outgoing traffic by default. To change this you need to change the Advanced Security settings rather than just using the default.