Microsoft has announced Windows 7 will no longer be receiving updates after January 14, 2020: Here.

I hate windows 10's forced updates and telemetry so I have always stuck with Windows 7, but it may be as good as dead after the lack of security updates.

Linus Tech Tips did a great video covering this issue: Here.

With this massive change I was wondering if anyone knew of the real impact this would have. Can third-party Anti-virus successfully substitute Windows 7 security updates after they are discontinued?

Right now I use Malwarebytes and AVG, and I feel as though this would be enough but this is something you have to be sure about.

With Windows Vista I feel as though this has already been studied but, I am not clever enough to google the right words. So I have turned to the amazing community here for solid answers.

Is Windows 7 being left 4 dead, or is Y2K coming back for round 2?

Nope.

After Microsoft discontinue security updates for a version of Windows there is not a safe way to run that version of Windows.

Some people will promote Virtual Patching where you have a external firewall scan all your traffic looking for patterns of traffic that look malicious. I would not trust that, and it requires a seperate non-vulnerable computer.

A number of vulnerabilities patched by Microsoft are not the sort that anti-virus are good at catching. In the most recent example Google announced a Chrome Bug plus Windows 7 bug that caused visiting a site to remotely execute arbitrary code, this was being used in the wild. After end-of-life Microsoft will not patch this type of bug. (https://www.zdnet.com/article/google-chrome-zero-day-was-used-together-with-a-windows-7-zero-day/)

No, anti-malware is not a replacement for security updates.

Neil Matz summarized the Fortinet's Q2 Global Threat Landscape report for 2017, noticing:

WannaCry and NotPetya targeted a vulnerability that had been
patched by Microsoft a few months earlier.

But it’s not just these high-profile attacks that target recent
vulnerabilities that are the problem. During Q2, 90% of organizations
recorded exploits against vulnerabilities that were three or more
years old. And 60% of firms experienced successful attacks targeting
devices for which a patch had been available for ten or more years!

You hate Windows 10's forced updates and telemetry. Using gpedit.msc you can can modify:

• Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates. It's still possible to choose 2 = Notify before downloading and installing any updates.



• 
  

  It's possible to get the feature updates only after they are actually ready (i.e. tested and complained by the end users). ... > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received:

  
  
  

  
  

  When Selecting Semi-Annual Channel (Targeted) or Semi-Annual Channel:

  
  
  

  • You can defer receiving Feature Updates for up to 365 days.
  
  

  
  



• Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds. Allow Telemetry = 0 Security sends only a minimal amount of data to Microsoft. Too much? You can disable the DiagTrack: Connected User Experiences and Telemetry service.

Windows 10 was the first Windows with cumulative updates, which actually means less updates. Since October 2016 there has been no difference as Microsoft stopped individual updates for every supported Windows and currently all updates are in rollup model. (You can read more about servicing differences).

There is no realistic substitute for software patches.

There are additional security measures one can take, but all of them have their limitations.

• Antiviruses will not do a thing against attacks that do not write to disk. If an attacker hijacks a legitimate process in memory, it's open-season on your data. These kinds of attacks are becoming more and more common.




• Firewalls and IDSes (of either the software and hardware variety) can catch malicious traffic that matches a signature. The slightest bit of customisation will defeat this.




• All software measures rely on your core operating system being trustworthy. A core OS with security holes like Swiss cheese cannot be trusted.




• Hardware measures rely on you having a spare machine with software that has a supported OS anyway.

Windows 7 was released 10 years ago. Wanting to use win 7 now is the same as wanting to use win xp in 2013 (the year windows 8.1 was released), or wanting to use windows 95 in 2004. There were such guys in that era too, and we made fun of them at the time¹. Technology is changing, you should learn to adapt if you want to succeed in this field. If you want to schedule your own update times or prevent some updates to install completely you can spend some more bucks for the pro version of windows 10, regarding telemetry I have bad news for you: there's also in windows 7, and the quantity of information can't be configured as in windows 10 so you keep the defaults, whether you like that or not.

To answer your question: there is no way an external small software house can patch vulnerabilities of a closed source operating system with the same efficacy as the operating system developer, the best they can do is work around known bugs by blocking features or scanning your activity for malicious patterns.
This will slow your computer, and has bigger privacy concerns that the telemetry Microsoft gathers².
Also, as someone already said, there are vulnerabilities which can't be worked around outside of the operating system, so you'll keep them all.

Relying on external protection for your outdated OS may lure you into a false sense of security and may work without issues for years (it is not like the operating system becomes insecure the exact day its support ends) but would require you to keep yourself informed on new security issues, whether they are severe, whether they affect your OS, whether they will stay unpatched and eventually determine whether you should finally leave your OS at one point. If you can afford that much time managing your installed OS just for privacy concerns you can definitely use it to install Linux and solve the issues you may encounter to the lack of certain apps in your usual workflow, it will pay off more in the future.

Another thing that has not been said in other answers and I think affects security of an old operating system is that external app developers will eventually stop supporting it and releasing new version for it, so you may end up having old and buggy versions of apps such as browsers, which may be another surface of attack for exploiters.

TLDR, only hassle comes with staying with Windows 7. The problems you thought Windows 10 has also affect Windows 7, and while up until now it may have been a preference choice for the old UI to justify using that operating system, from now on the technical problems which come with it will keep increasing, so stay away: either go to Win 10 or move to Linux

¹ there was arguably a reason for people to stay in an older operating system at the time, and that was the increased demand of computing power of the newer operating systems which prevented them to be installed on older machines. This is not true anymore, since Windows 10 requirements are exactly the same as the 10 year old windows 7.

² concern being data leakage and server vulnerabilities are more likely on a small company and more likely to be severe, because Microsoft has a much more experience in security gathered from failures accumulated along its 40 year of activity and enmity to various revolutionary hacker groups