My company produces a desktop application, and we are currently assessing the benefits gained by code-signing said desktop application. The application comes pre-installed, and our users are coached, so the application being from an "unknown author" is no real concern.

What I am trying to find out is if using Authenticode as tamper-protection makes sense, and how important this is for a "professional" desktop application. It seems like Authenticode signatures can just be stripped (if you have sufficient rights), so I think it would make sense to have the application validate it's own signature at startup, because an attacker would have to "go one layer deeper" and circumvent the validation logic to modify our application. Does this train of thought make sense?

Another fact to consider is that we cannot sign all libraries of our desktop application, as they are third party dependencies. Doesn't that make this whole project kind of futile?