No, anti-malware is not a replacement for security updates.

Neil Matz summarized the Fortinet's Q2 Global Threat Landscape report for 2017, noticing:

WannaCry and NotPetya targeted a vulnerability that had been
patched by Microsoft a few months earlier.

But it’s not just these high-profile attacks that target recent
vulnerabilities that are the problem. During Q2, 90% of organizations
recorded exploits against vulnerabilities that were three or more
years old. And 60% of firms experienced successful attacks targeting
devices for which a patch had been available for ten or more years!

You hate Windows 10's forced updates and telemetry. Using gpedit.msc you can can modify:

• Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates. It's still possible to choose 2 = Notify before downloading and installing any updates.



• 
  

  It's possible to get the feature updates only after they are actually ready (i.e. tested and complained by the end users). ... > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received:

  
  
  

  
  

  When Selecting Semi-Annual Channel (Targeted) or Semi-Annual Channel:

  
  
  

  • You can defer receiving Feature Updates for up to 365 days.
  
  

  
  



• Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds. Allow Telemetry = 0 Security sends only a minimal amount of data to Microsoft. Too much? You can disable the DiagTrack: Connected User Experiences and Telemetry service.

Windows 10 was the first Windows with cumulative updates, which actually means less updates. Since October 2016 there has been no difference as Microsoft stopped individual updates for every supported Windows and currently all updates are in rollup model. (You can read more about servicing differences).

There is no realistic substitute for software patches.

There are additional security measures one can take, but all of them have their limitations.

• Antiviruses will not do a thing against attacks that do not write to disk. If an attacker hijacks a legitimate process in memory, it's open-season on your data. These kinds of attacks are becoming more and more common.




• Firewalls and IDSes (of either the software and hardware variety) can catch malicious traffic that matches a signature. The slightest bit of customisation will defeat this.




• All software measures rely on your core operating system being trustworthy. A core OS with security holes like Swiss cheese cannot be trusted.




• Hardware measures rely on you having a spare machine with software that has a supported OS anyway.

Windows 7 was released 10 years ago. Wanting to use win 7 now is the same as wanting to use win xp in 2013 (the year windows 8.1 was released), or wanting to use windows 95 in 2004. There were such guys in that era too, and we made fun of them at the time¹. Technology is changing, you should learn to adapt if you want to succeed in this field. If you want to schedule your own update times or prevent some updates to install completely you can spend some more bucks for the pro version of windows 10, regarding telemetry I have bad news for you: there's also in windows 7, and the quantity of information can't be configured as in windows 10 so you keep the defaults, whether you like that or not.

To answer your question: there is no way an external small software house can patch vulnerabilities of a closed source operating system with the same efficacy as the operating system developer, the best they can do is work around known bugs by blocking features or scanning your activity for malicious patterns.
This will slow your computer, and has bigger privacy concerns that the telemetry Microsoft gathers².
Also, as someone already said, there are vulnerabilities which can't be worked around outside of the operating system, so you'll keep them all.

Relying on external protection for your outdated OS may lure you into a false sense of security and may work without issues for years (it is not like the operating system becomes insecure the exact day its support ends) but would require you to keep yourself informed on new security issues, whether they are severe, whether they affect your OS, whether they will stay unpatched and eventually determine whether you should finally leave your OS at one point. If you can afford that much time managing your installed OS just for privacy concerns you can definitely use it to install Linux and solve the issues you may encounter to the lack of certain apps in your usual workflow, it will pay off more in the future.

Another thing that has not been said in other answers and I think affects security of an old operating system is that external app developers will eventually stop supporting it and releasing new version for it, so you may end up having old and buggy versions of apps such as browsers, which may be another surface of attack for exploiters.

TLDR, only hassle comes with staying with Windows 7. The problems you thought Windows 10 has also affect Windows 7, and while up until now it may have been a preference choice for the old UI to justify using that operating system, from now on the technical problems which come with it will keep increasing, so stay away: either go to Win 10 or move to Linux

¹ there was arguably a reason for people to stay in an older operating system at the time, and that was the increased demand of computing power of the newer operating systems which prevented them to be installed on older machines. This is not true anymore, since Windows 10 requirements are exactly the same as the 10 year old windows 7.

² concern being data leakage and server vulnerabilities are more likely on a small company and more likely to be severe, because Microsoft has a much more experience in security gathered from failures accumulated along its 40 year of activity and enmity to various revolutionary hacker groups

As others have said, it is not recommended to try to use an antivirus as a replacement for system updates. An antivirus is just one component of your system security, which also includes a secure network (incl. updated router), updated firmware and applications (especially your browser), 'street smarts' of what not to click on, and of course, an updated operating system.

However, that does not mean that there is no solution in your specific case. After all, the problem you are having is not that you are required to use Windows 7, but just that you understandably do not want to use Windows 10 with its tracking, preinstalled junk, major updates all the time, and other issues. Luckily, there is a solution to this particular problem, and it's called Windows 10 Enterprise LTSC (Long Term Servicing Channel), also known as LTSB (Long Term Servicing Branch). It contains the same security as regular Windows 10, and is compatible with the same non-Store software, but does not include the Store, Cortana, Start Menu junk, or really anything at all that you wouldn't find on Windows 7 or even XP. Its update schedule is also similar to previous Windows versions - security updates and bug fixes come every month or so, but major feature updates are considered to be completely separate versions, and updates are never forced. Telemetry can be turned down to '0', which is the same bare-minimum value that is normally only available on Windows Server.

I too was in a similar situation as you, and decided that LTSC was the way to go. It's the kind of stable, clean OS that I want on my PC, and since its primary market is embedded systems like POS terminals, it's going to be updated for a very long time. Of course, Microsoft hates when people choose it, but their vital corporate customers demand such an OS.

If you do choose the LTSC route, you can get a key for usually less than $15 on eBay (prices vary).