
Interesting. Acknowledging receipt on two layers (packets and bytes) makes little sense. Wonder why such a decision was made.

About 4, are the DDoS aimed at your servers or at your office infrastructure?
They don't acknowledge packets, just bytes. It's pretty reasonable for a reliable streaming protocol.

Their DDOS attacks target our servers. For example, Russia has some issues with Estonia, opposition sites post some independent statements and news on that. Then comes DDOS.


Still, the overhead is large if it employs single byte confirmations. It turns symmetrical what could be an asymmetrical communication.


Sorry, wrong again. Stream byte acks are way more effective than packet ones. A TCP endpoint can receive several packets of data and then send just one very small ack packet (you only have to send the byte stream position after the last received packet). I'm not sure what you mean by "asymmetrical", but that's probably as asymmetrical as it gets.

It's called "delayed ack" or something. Iirc, it's all described in RFC 793.
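The cumulative byte-stream acknowledgement described in the comment above, as an added simulation that is not part of the thread: a receiver model tracks the next expected byte offset, buffers out-of-order segments, and emits one ACK for every two full segments (the delayed-ACK rule from RFC 1122, section 4.2.3.2; the cumulative ACK number itself is from RFC 793). The `Segment`, `Receiver` and `run` names and the segment sizes are constructed for the example. It shows why four data packets can be covered by two ACK packets, and why a gap triggers an immediate duplicate ACK carrying the position of the hole.

```python
# Added example: simulation of TCP cumulative (byte-stream) ACKs with delayed ACK.
# Not from the thread; all names and segment values are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Segment:
    seq: int     # byte-stream offset of the first payload byte in this segment
    length: int  # number of payload bytes


@dataclass
class Receiver:
    """Receiver side: next in-order byte plus a buffer of out-of-order data."""
    next_expected: int = 0
    # out-of-order segments keyed by starting offset -> length (constructed model)
    ooo: Dict[int, int] = field(default_factory=dict)
    unacked_segments: int = 0   # in-order segments received since the last ACK
    delay_threshold: int = 2    # RFC 1122: ACK at least every second full segment

    def receive(self, seg: Segment) -> Tuple[bool, int]:
        """Process one arriving segment; return (ack_sent, ack_number)."""
        if seg.seq == self.next_expected:
            # in-order data advances the cumulative position
            self.next_expected += seg.length
            # absorb any buffered segments that are now contiguous
            while self.next_expected in self.ooo:
                self.next_expected += self.ooo.pop(self.next_expected)
            self.unacked_segments += 1
            if self.unacked_segments >= self.delay_threshold:
                return self.flush_ack()
            return (False, self.next_expected)  # ACK withheld (delayed)
        if seg.seq > self.next_expected:
            # gap: buffer it and ACK immediately so the sender sees the hole
            self.ooo[seg.seq] = seg.length
            return self.flush_ack()
        # old or duplicate data below next_expected: ACK immediately as well
        return self.flush_ack()

    def flush_ack(self) -> Tuple[bool, int]:
        """Emit one ACK carrying the cumulative byte position."""
        self.unacked_segments = 0
        return (True, self.next_expected)


def run(segments: List[Segment]) -> List[int]:
    """Feed segments in arrival order; return the ACK numbers actually sent."""
    rx = Receiver()
    acks: List[int] = []
    for seg in segments:
        sent, ack = rx.receive(seg)
        if sent:
            acks.append(ack)
    # model the delayed-ACK timer firing after the last arrival
    if rx.unacked_segments:
        acks.append(rx.flush_ack()[1])
    return acks


if __name__ == "__main__":
    # constructed: four 1000-byte segments arriving in order
    in_order = [Segment(0, 1000), Segment(1000, 1000),
                Segment(2000, 1000), Segment(3000, 1000)]
    print(run(in_order))        # four data packets, two ACK packets
    # constructed: the same data with the second segment arriving late
    reordered = [Segment(0, 1000), Segment(2000, 1000),
                 Segment(1000, 1000), Segment(3000, 1000)]
    print(run(reordered))       # immediate ACK at 1000 marks the hole
```

The ratio of data packets to ACK packets is what the comment calls asymmetrical: the ACK count depends on the delay threshold and on gaps, not on the number of bytes or segments delivered.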


What would be then the ideal way to fix Apache?


Apache doesn't need "fixing" - this is the job of a firewall or IDS or some other such anti-DDoS software. That doesn't mean they couldn't incorporate some protocol patch or use asynchronous I/O or some other crap, but the reliance shouldn't be on Apache to block this. If you're running a website important enough to DDoS, you should have a heavy duty firewall and IDS and possibly reverse proxy in place as well.