Wouldn't that be more fragile though? CPU usage is not constant in time, so if - again - you're not sophisticated enough, you get more false negatives / positives, depending on which side of the heuristic you err.
This is only useful for dragnet malware targeting the masses, where false positives/negatives have low impact to begin with. High value targets can run the real programs if this is proven to have any effect — the average corporate IT can approve some more bloat for security, no problem. Also, you take a sample.