You are so right about how behavioral analysis shifts the burden of deciding whether something is malevolent onto the user. What am I paying them for? (And yes, I've paid in turn for Nod32, Kaspersky and Avira, am unhappy with them all.)
At the same time, despite the rising frequency of false positives, I'm seeing a tendency in AV software to limit what you can do about the detections. Avira still lets you ignore suspicious files (though it complains bitterly), but Kaspersky does not have an "Ignore" option that I can see. When it can't disinfect, the only available route is delete. And of course it can never disinfect a false positive, or more specifically, it cannot disinfect when the only evidence is circumstantial, from behavioral analysis.
But I guess what you're positing will never happen. The bloat in AV software follows the bloat of the companies^H^H^H corporations that make them. When it was one diligent coder, you could reason with him or her, but you can't reason with the board of directors or with the shareholders.
I'm sorely tempted to run without an AV, but I'm too chicken for that, and I do receive plenty of attachments daily and share USB drives with friends, so I'm susceptible. But behavioral detection (and heuristics) is the first thing I disable in AV. It's just not worth the aggravation.
