Trust me, I'm a computer professional!
Vista is indeed a dog. An upgrade to Win 7 is well worth the $100.
While 4 GB is better, I see no reason to add RAM for the use you describe.
There is no reason to get a new computer unless you have money burning a hole in your pocket. Just upgrade to Win 7 32 bit. I haven't enough experience with Win 8 to suggest it. I normally wait until after the first OS service pack has been issued to start installing it on users' computers. Issuing the first service pack is a normal sign from Microshaft that the OS is mature.
I would stick with the 32 bit version. While 64 bit would run a bit faster, again, for the use you describe, you gain very little and may run into browser compatibility and driver issues. All are easily overcome but why cause the hassle for a slight performance boost?
I would serioulsy consider simply backing up her documents and saving her bookmarks and email. Then, as a security precaution, wipe the drive with something like
DBAN.
Boot to the Win 7 Service Pack 1 disk, create a new partition and install. Win 7 likes to add it's own separate partition. Let it do it.
Kick McAfee to the curb. It's as much of a resource pig as Vista. For home use, Microsoft Security Essentials seem to work fine. It provides both malware and virus protection. MalwareBytes is also good except I believe it comes up with some false positives just to justify it's existence and goad you into purchasing the full version. Consider that upgrade to get realtime malware protection. I use the free version forensically to temporarily suspend compromises while I get to user files. Then I reload the OS...
NOTE OF CAUTION: Most all the compromises I've seen in the past couple years have been from unpatched third party software like Acrobat Reader, Java, or Quicktime. Look into a program like Secunia PSI that will help you keep track of and patch third party stuff. If there is an icon in the start bar begging you to update/upgrade, never let it sit for more than a week...ever! And, don't postpone restarts. If you don't trust those little icons, simply uninstall the program and get the newest version...quickly!
If your wife wants to remain a "clicker", I'd do this: Set her up on a standard account (non-administrative.) Set up a separate administrative account not named "admin"! Use a decent password like "Chocol@te1ab" for both accounts. If any software tries to make system changes, you have to put in separate administrative credentials. That may slow her down a little and make her think about what she's doing.
Hope this helps.