Windows 7 NotifyIcon GUID spoof-protection

I am currently working on learning some different aspects of WINAPI, including features introduced in windows 7.. One of those is using a GUID as identifier for a Notification icon.

As can be read on the MSDN, the GUID is bound to the executable by path, the first time the notification icon is added. This page in question promises further information on the issue at the documentation for Shell_Notifyicon(), but I cannot find any further information there.

How are users supposed to be able to display notification-icons from an exec开发者_运维知识库utable that has been moved?

It's documented:

If the path must be changed, the application should clear the existing GUID registry information before moving the binary file to a new location and reregistering it with a new GUID. Any settings associated with the original GUID registration will be lost.

This also occurs in the case of a side-by-side installation. When dealing with a side-by-side installation, new versions of the application should update the GUID of the binary file.

Note The only exception to a moved file occurs when both the original and moved binary files are Authenticode-signed by the same company. In that case, settings are preserved through the move.

The mechanics of the app "clearing the existing GUID registry information" are bit, erm, unclear. I'd work from the assumption that this doesn't actually happen often. So, new guid or a certificate.