You need to set a password.
I think I will do that, but that is awkward to require a separate password for this one application, instead of properly using User Access Control which has already logged me in as Administrator. Besides, you said that the tray icon password can easily be bypassed.
No, they can... just run ashdisp.exe.
How does that work? I just ran ashdisp.exe (double-clicked ashdisp.exe) but nothing happened - I do not have access to the tray icon menu.
Even if it did work, however, that would not be a good solution. It would not be expected that one would have to run a separate executable just to access some functions of this software. One would expect that those functions would be available from the main Avast interface.
I think that this one aspect of Avast has not been well thought out: in Vista, Avast requires a UAC elevation prompt to access the main program interface ashAvast.exe, and yet it does not contain some important functionality. To access that functionality, one must either open a separate executable ashdisp.exe or allow the tray icon to display in which case it allows any non-Administrator user to access those functions.
Added: I just discovered something else. A Standard user can open not only the tray icon commands, but also can open the main program interface ashAvast.exe without any User Access Control prompt. Avast developers have not properly worked with User Access Control, since the Administrator must at least undergo a UAC elevation prompt yet a Standard user can open both interfaces without any warning or prompt.