Current anti-malware approaches primarily focus on the perimeter and endpoint devices. This makes it difficult to isolate infected systems or slow the virus propagation.
Additionally, the current approach of scanning for a large number of known (but not necessarily dangerous) viruses makes it difficult to scan for viruses on devices with limited compute resources, or those that require fast data processing. Additionally, scanning at the operation system/application layer makes it easier for malware to avoid detection or disable anti-virus programs, as malware programs are given an opportunity to partially execute prior to their detection.