Because every average user who isn't tech-saavy runs everything inside a sandbox/VM or even knows what a VM is. You can literally run malware in a VM but that doesn't mean we don't need to acknowledge the presence of said malware in the first place.