Hi DavidMax,
Nice question. I suppose avast protects against tainted updates at least as good as against any other files that you might download, and likely better. But I can't find confirmation of this in Program Help. Will be looking further.
If I were in McDo's, I would allow signature updates, but disallow program updates. Not so much because of an untrusted connection, but because a program update is much more likely to break things. A program update might be slightly more risky, but most forms of repair would be awkward.
And hey, avast: "An antivirus program is only as good as its database of virus definitions, which is why it is important to regularly update both the program and the virus definitions." C'mon, you have evolved from a purely dictionary based approach. Quoted text is from Program Help, and yes I don't know how to get heuristics and behaviour analysis in this succinctly either.
Best regards,