How to confirm that two files were signed by the same company?


I have two files in Windows XP. Both have a "Digital Signatures" tab. How can I confirm that they were both signed by the same company? I do not want to do this programmatically, but by using the Windows interface.

Bonus question: I managed to get a ".cer" file out of one by clicking around, and if I could do that surely someone else could do it and sign their own file with it?

Note: Please don't go all technical on me - I won't understand - I just want to know how to do this as an end user for my own safety and to understand what it all means and exactly how it is protecting me a little more.

Efwiuf Heuifhwiuf

Posted 2012-06-19T08:34:45.467


Answers


The signature list on the Digital Signatures tab tells you the name of the signer. In the case of a company, this will typically be the name of the company, e.g., "Microsoft Corporation". If the two names are the same, the files were probably signed by the same company.

This isn't an iron-clad guarantee, mind you, because there are a large number of organizations that are trusted to sign certificates ("certificate authorities") and not all of them have entirely sound procedures for checking that the certificate they're signing really belongs to the person it claims to. But this is as good as it gets.

If you mean you're worried about distinguishing between two different companies with the same name (in different countries, perhaps) there isn't really any foolproof procedure. In some cases the two files might be signed with the same certificate. Look at the issuer, the serial number, and the thumbprint. If they're all the same, you can be reasonably confident that it's the same certificate. However, just because the certificates are different does not mean that they belong to two different companies.

Regarding your second question, the certificate file (".cer") does not allow you to sign a file, because it does not contain the private key.

Harry Johnston

Posted 2012-06-19T08:34:45.467

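The comparison the answer above describes (signer name, then issuer, serial number and thumbprint) can also be done from a PowerShell prompt, which makes it easy to put the two files side by side. This is an added example, not code from the original answer; the file paths are assumptions and the .cer path at the end is only there to illustrate the bonus question.

```powershell
# Added example: compare the Authenticode signers of two files the way the
# "Digital Signatures" tab would, and check whether an exported .cer carries
# a private key. Paths below are assumptions - replace them with your own files.
$fileA = 'C:\Program Files\Example\app1.exe'   # assumed path
$fileB = 'C:\Program Files\Example\app2.exe'   # assumed path

function Get-SignerInfo {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, UnknownError, ... : the signature proves nothing
        Write-Warning "$Path : signature status is $($sig.Status) - do not rely on it"
    }
    $cert = $sig.SignerCertificate
    if ($cert -eq $null) { return $null }
    New-Object PSObject -Property @{
        File         = $Path
        Status       = $sig.Status
        Subject      = $cert.Subject        # the "Name of signer" shown in the tab
        Issuer       = $cert.Issuer         # the certificate authority that issued it
        SerialNumber = $cert.SerialNumber   # unique per issuer
        Thumbprint   = $cert.Thumbprint     # SHA-1 hash of the whole certificate
    }
}

$a = Get-SignerInfo $fileA
$b = Get-SignerInfo $fileB
$a, $b | Format-List File, Status, Subject, Issuer, SerialNumber, Thumbprint

if ($a -and $b) {
    if ($a.Thumbprint -eq $b.Thumbprint) {
        # Same thumbprint implies same issuer and serial number too: it is the same certificate.
        "Same certificate - signed with the same key."
    } elseif ($a.Subject -eq $b.Subject) {
        # Same company name but a different certificate (e.g. a renewed one, or a
        # different company with the same name at a less careful CA).
        "Same signer name, different certificates - probably the same company, but not proven."
    } else {
        "Different signers."
    }
}

# Bonus question: a .cer exported from the tab holds only the public certificate,
# so it cannot be used to sign anything.
$cerPath = 'C:\Temp\exported.cer'   # assumed path of the file exported by "clicking around"
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
"Private key present in the .cer: $($cer.HasPrivateKey)"   # False for an exported .cer
```

Only a `Valid` status plus a matching thumbprint gives you a firm answer; a matching subject name alone is the "probably" case the answer describes, since nothing stops two differently issued certificates from carrying the same company name.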


No, getting the .cer out of there will not allow anyone to use it to sign their program. The procedure is not reversible in that way.

It's usually not important that 2 programs are signed by the same certificate to be trustworthy. Getting such a certificate in the first place requires you to register with the certificate authority personally. With an address and a phone number and a name.

That means, if the application is signed, you can always trace it back to the person that is responsible for it. That's important because then you can hold them liable.

Der Hochstapler

Posted 2012-06-19T08:34:45.467
