Shouldn't the files be signed by Microsoft, with a timestamp signature? That should (barring somebody locating a relevant private key) still mark them as not having been modified.

Of course, how many people would know to check for the signature (especially in the case the site went malicious and therefore wouldn't tell you to do so) would be a different question…