As a general rule, you want to enable as few "sharing" features, and as little hardware access, as you can get away with. For gaming in particular you'll need to enable some (unless everything you want to run will be fine with software-only graphics), but you can try to keep it minimal. The more isolated the VM is from the host, the better. Of course, "security" isn't a binary state, and 100% security is impossible on any computer that is actually useful, but you can make it safe enough.
Never mind airplane mode; if you want to keep the Windows VM off the Internet, just don't give the VM a network interface. (Also, Win7 - which came out 12 years ago and is obsolete - doesn't actually have an "airplane mode" feature except maybe if you have a cellular radio installed.)
The question of whether you "need" antivirus is a bit of an odd one; if AV is ever doing anything useful then you have probably already screwed up multiple times already, and you should never count on it to save you. It might be worth having installed in Windows anyhow - free options like Defender should be fine - but bear in mind that without regular signature updates it'll be even less likely to save you than usual. On the other hand, if you're only installing legitimate software from legitimate install media (i.e. not from pirate sites, which are full of malware), and aren't running anything downloaded from the Internet, then you really don't need AV at all... how do you imagine malware would even get into the system? With that said, if you're downloading warez, or even just unofficial patches or mods, then AV might be worth having.
Note that, for gaming in particular, you might not get full speed from the graphics card when running in a VM. Though if the games are old enough perhaps this doesn't matter. Make sure you use VM software that supports virtualizing the graphics card at all, though! Note that this technically does open a potential attack vector for guest-to-host (through the graphics card) and video drivers are often kind of bad at security, but it's probably fine. Malware that exploits a video driver might use it for local elevation of privilege; it's very unlikely to use to to try and pivot an attack off the VRAM to exploit a host machine running a different OS.
You should be able to expose specific USB devices (so, the DVD drive in this case) directly to the VM guest. In that way, you won't have to share any folders between the Ubuntu and Windows file systems. This will also solve the thing where lots of old games have copy protection that tries to prevent you running them from an ISO or similar, and want a real disk drive.
If you're not putting any downloaded files (or at least, none downloaded from anywhere sketchier than GOG) on the VM, and you're not connecting it to the Internet, the odds are very good it won't get infected with anything and therefore it won't pose any threat to the Ubuntu host. However, if you don't share any network connections or file system directories or so on, then the odds are very good that any malware on the VM wouldn't be able to attack the host anyhow (actually, the odds of that are already pretty good; most Windows malware has no idea how to attack Linux... but better if it doesn't even have a chance).