What *else* could (should?) antivirus software do?
I saw this article today and it hit me that, dang, that would be an awesome tool to have from the antivirus, rather than having to try to go all CSI (from the article) to see what had been changed and, perhaps more importantly, how long ago it had been changed (2 seconds prior to the pop-up or 2 months ago, and it's been piping data to the attacker ever since). There are server-side tools that can be installed to do this kind of thing (think tripwire and the like) but, for a simple workstation, I'm not aware of anything that will actually alert you when something was changed, only when it (the anti-virus tool) notices it.