hi
having looked at your config, there should be no reason why users shouldnt be able to update the AV. however just a couple of things:
1) you dont need to apply the access list to the inside interface, because by default traffice from high security level (inside 100) to low security level (outside 0) is allowed.
2) is there a specific reason you have allowed ip any any to your outside interface? if not, the get rid of this as it exposes you to alot of threats. When users initiate a conenction to the internet, the ASA builds the TCP connection and keeps the state so traffic passes from the web back to the user so i dont see a need for that statement.
3) have you tested the AV update from your pc? can you download it? If you can then it is a client issue. check the clients dont have firewall turned on.
4)Are you running enterprise version of symantec AV? If so, the why not setup a server as a central point for your updates (from symantec) and get your clients to download updates from your server?
***Experts please clarify on any points i might have got wrong****
Re the speed issues, try checking the ASDM of your ASA and check the traffic on there.
DO a speed test using www.speedtest.net/ from a pc and compare against the speed you should be getting.
HTH and please rate if useful