It's really not. Antiviruses had a much better solution to this ~20 years ago: download malware signatures, store them locally, and check every program run against the signature DB. Works while offline and completely respects user privacy.
Also, doesn't really work that great for security, as there are always relatively easy ways to fool the signature detection. That's why AVs usually moved to include much more complex behavioral checking.
Note: not claiming that AVs usually respected user privacy - a lot of them could be conisdered malware in and of themselves. But the malware protection scheme was simple and it did guarantee privacy - it's other parts of the AV that then went behind your back and sold your data more directly.
