Hum, this is disturbing. I would be curious to know how much malware is actually served over HTTPS and what good alternative to Avast is out there for Windows.
I'd bet that eventually all malware will be served over HTTPS. Movements to encrypt all traffic, like Let's Encrypt, will only hasten this. (Not saying LE is bad, but that's just how it works... it's a cat-and-mouse game.)