Thanks, read the whitepaper. Most of those things I have already done, or know. But it lacks some reality for my situation and experience - there is another side to its arguments. Eg an SSD with good GC does not slow down "even to speeds slower than those of hard disk drives" due to lack of TRIM, but a file with 10k fragments does in practice so still needs some defragmentation. The paper pushes need for NAT firewalls, but these are near-ubiquitous in 'power user' situations, so being connected to the internet to upgrade is a non-event. "Vulnerable to attack" can be interpreted different ways - while technically true (and the Right Thing for a security company to say), in objective reality (statistically) is a bit misleading as to what actually will, or can happen. The reality is all machines are at nonzero risk (which many people consider "significant"), as the continual stream of urgent patches to modern OSs proves. Windows' (all versions afaik) behaviour itself limits security, eg disallowing multiple usernames for network shares limits fine-grained access, leading to ad-hoc networks using unsecured shares or wide access (exposing 1TB of business data via a single share). That (the ransomware hole), dodgy software (viruses, trojans, bad web scripts) and outright social manipulation, is how things get in, as I see it - the fact is there are many things worse for security than a decision to run an old OS somewhere.
And that is where (and why) a good antivirus is good at mopping up the many extant risks that remain irrespective of OS version or any single setup issue - even if it never actually triggers on anything.
I looked into this: I had desktop notifications turned off, from memory because it was popping up orange about end of life every other day (without actually doing anything for months or perhaps years). In this circumstance I think turning them off was the only thing to do (given that the product was bought for XP and Vista). I left alert windows and in-product messaging turned on. Also I'm as certain as I can be there were zero email communications. I was unaware of any specific dates, and would have been very alert to anything specific, which is why it came as a surprise.
But I did know the general situation in coming year(s), and am glad for the support that did exist this many years on.
Glad to hear ESET's stance on refunds based on consumer protection laws. It's not worth it for 2 months, but good to know it would be an option if I needed it. I'm more worried about the loss of function.