I wondered if some terms were being used "loosely". If they had an AV suite, wouldn't they be offering it at least to registered clients?
Yep, youre likely correct.
I havent checked, but doesnt their premium malwarebytes offer real time protection against malware & spyware. If so then that would probably connect every so often to check and automatically download new files.
From what I did gather, it seems that much of the problem is updates not being signed. It said it had to be a targetted attack rather than general, so thats why Im guessing some sort of injection during an update, which could change the ACL/privileges and allow trojans to be installed undetected.