If avast! is run from non-admin account, it does spawn the setup process using the service with LocalSystem rights. That brings two things:
a) it should update program without problem
b) there may be problems reaching the internet if there is some non-standards-compliant proxy (read ISA) in way which authenticates using NT credentials. There is a workaround though.
So, to sum it up: it should be possible to run whole program update from an limited user account, avast's setup was designed that way.