No, that is not the answer either so don't be so quick to attack. The system is failing to bring producers and consumers together. Until the media industry finds a way to bridge the gap with better business models, this type of thing will continue.
The question here is whether they will arrive at that aha moment before they destroy the very thing they are trying to protect...
That would be a fine position except for the fact that the actual content creators are not the ones getting the bulk of the revenue. I am all for seeing that artists get full and proper recompense for their work; it's the bloat in the system that is the problem...
Older Sony laptops were made with high quality but the newer ones are just poor from any way you want to look at it...
As an example I got a PCG-XG19 back in early 2000. It has been dropped, kicked, dragged around the country, and endured 2 OS upgrades in its useful lifetime and still works when I start it up. Over this time the only things that have gone wrong with it are the hard drive died of old age and had to be replaced, the battery had to be replaced, and it only supports 250 MG of RAM.
In 2005 I picked up an FS model that lasted only one year before the screen was destroyed when it accidentally fell off a desk onto a deep pile carpet and was retired because a replacement screen would have cost ~600 Euros at the time.
Sony used to make high quality products and it was a real disappointment to see that quality eroded to the extent it was and has been. Once I would not have thought twice about getting a Sony Laptop if I could afford it. Now, I do not even look once...
Nothing important, certainly. However, this in and of itself would be considered suspicious. If your goal is unimpeded travel, you're better off having a laptop that looks 'normal'.
Can't think of anything more "normal" than a sales rep dragging an old IBM laptop around the world. And if it isn't already normal, customer privacy and security should be top priority.
I.e., have a Windows machine ('cause that's 'normal' atm), some family pictures, and email client with a bunch of those joke/junk emails. Some games, maybe a bit of mild porn ('cause that's 'normal').
I see no compelling reason why these things should be on a computer used for company business. Keep your professional and private lives separate and you will be much happier when the time arrives when that laptop is stolen, lost, or even confiscated as is the possibility presented by the subject of the article and this discussion thread...
Keep a VPN client for the important stuff, or encrypt it if it's too large to leave on the net.
I would submit that any work related activity is "important" and as a result should be approached with the utmost attention to ensuring that your company AND client information remain private and secure.
If your goal is to generate a lawsuit, like Mr. Hellar, then go ahead and be an ass - just be aware that you're going to suffer pain for your goal.
For the purposes of my reply, this has nothing to do with legal challenges of the current laws. My reply was to present a strategy for companies to work efficiently within these laws while ensuring that sensitive company and customer information are kept secure.
If your motivation however is to exercise your constitutional rights to free speech and peaceful protest, I say no problem as both are equally valid...
I would add one further refinement to this by saying that there should not be anything stored on the laptop. For Windows based machines you can achieve this by locking the system down with an Instant System Recovery (reboot to restore or virtualization) solution that removes any changes made to the system.
In light of this, no one should be traveling with sensitive or confidential information on their person, in their phone, or on their computer. The information should be stored within the company network and accessed via secured/encrypted connection (EX: VPN) with any information used on the computer wiped when the system is turned off.
Though I am biased towards a specific virtualization product (Returnil), I can report that this works well, and with the addition of using overstocked and/or reconditioned systems you can get on eBay for $200 - $300 USD a pop, having the computer seized has little impact, as the system is restored to a clean install state at shutdown and replacement of the computer is trivial and cheap.
This also has the added benefit of keeping your customer information private and secured when moving between clients. Simply shut the computer off and any changes made are gone and you have a clean slate for the next appointment...
I wish all this was true. Incremental and fast and includes clients. Sounds like a recipe for disaster to me. Sorry but I really have not seen development teams using such methods successfully.
...you need to couple it with EFFECTIVE and relevant feedback from the development team to the customers, testers, and users.
It is not enough to just acknowledge the feedback from your users, rather you need to make them an integral part of the process and SHOW that their opinions count.
Developing software can no longer be dictated from the "top" by decree or from the feedback of small subsets of your user base. And contrary to your assertions, this approach has been very successful in both of the startups I have had the pleasure of being involved in over my career.
Developing software is not about "this would be neat" or "we think this will be useful"; rather it is about solving problems and the more targeted that software is as re the users' needs, the more successful it will be over the long run. And IFO never saw any value in ignoring or marginalizing the user/customer...
Quote
"The entire focus of the article is that most startups, and I'd be willing to wager most successful companies, aren't started by young people fresh out of college. They're somewhat unsurprisingly started by people with experience in the industry...".
I am one of those who did not even get involved seriously in the industry until I was in my mid 30s and never had much use for standard 9 to 5 jobs so have worked as a hired gun most of my career.
This experience has provided a rich return as far as experience, maturity, and (most importantly) contacts that have allowed me to create my own niche that plays to my personal talents and experience. Further, I have never been afraid to take a chance and "risk all" when I believed in the project.
The real determinants on who is more likely to have a successful startup are not really age, rather it is more about the personal traits of the people creating the startup. If you are not prepared to risk it all, you are likely not to succeed...
You may have spent little time, but you definitely ranked the candidates based on their school and GPA.
Actually that is not true, though I may have looked at those with a "good school" listed first, I most certainly did not rank them based on this. Further, I quickly learned that this initial ranking had no merit and ultimately proved to be a useless metric.
It has been my experience as both a new hire and one who is doing the hiring, that you make your own fortune. Suggesting that you need such a degree is bubkis, pure and simple.
Also happens with K-Meleon and Firefox here. Even the main page is extremely slow. It took me a sec to check the box and 2 minutes to get to a point where I could turn it back off. Needs some more work...
I have interviewed quite a few potential hires and can say that I spent little time looking at the education other than to see if they had the right skill set. The grades tell you nothing, what is important is that you prove to the employer that you are the right person at the right time with the right skills. Everything else is window dressing.
If you think that your current knowledge is insufficient then by all means repeat the year. If you would not learn anything that would justify the extra year, then go on and put your focus on getting better scores in the coming year...
I stopped buying movies and music because they were too expensive and this was well before DRM raised its ugly head. So with this in mind (I am far from unique in this regard), what twisted combination of chemicals is required to come to the conclusion that making these things more expensive and user-unfriendly will change my mind?
I wonder if this time it will be more obvious to the courts that Verizon's patents aren't so original?
Ok, so this is going back to the lower courts and the SC managed to side-step the deeper aspects of this case... so it would be interesting to hear from the legal experts as to what broader ramifications we could expect to see from a Vonage win in a re-trial...
While I believe in the rule of law, I also believe in applying that law with understanding and compassion so that the punishment is appropriate. For too long, our justice system has been used to make "points" rather than to actually dispense justice, especially when someone powerful (or some powerful organization) is caught with its hands in the stupidity jar.
If Gary is going to have the book thrown at him, then everyone who had authority over the security policies for the network should also be subject to the same scrutiny by the public with appropriate punishment also applied to each one of them.
If we are going to live by the rule of law, then it's damned time we started walking the walk.
Besides the fact that this list is onerous to say the least, has anyone explored the implications for US citizens who work for foreign companies? The way the law is written could open the doors for abuse against US workers who may unwittingly violate the law by performing their duties.
This is not just workers who are stationed in the US, but also those who work overseas. Could a US citizen be prosecuted in the US for doing his/her job while living in another country? At the very least, this could have a serious chilling effect on Job opportunities for US citizens around the world...
Anyone checked to see if the string implementation is covered by Copyright? Would hate to have the speaker phone duct taped to my head without a line out to call for help...
From what I've experienced again and again and again is that one of the reasons (and there can be others) that techies don't make good managers is that they try to live in both worlds.
It is not as simple as you suggest. It is more about how the individual looks at, and understands the world. It has been my experience that the best Techies that have worked for me see the world in black and white. Don't misinterpret this as a bad thing; on the contrary, it is one of the (IMHO) most important aspects of a real Techie. The next aspect is their ability to focus exclusively on minute details that may have limited scope.
This takes a type of concentration that a good manager cannot afford, as it would mean that they are ignoring other issues that may be just as important. Additionally, a good manager needs a broad knowledge that is not necessarily deep, but sufficient for him/her to understand what their teams are doing and to communicate effectively with superiors, customers, and team members.
The focus that Techies have also tends to ill prepare them for dealing with complex social issues that a manager may have to navigate on a daily basis. To Techies, these are irrelevant and distracting. To a manager, this is a critical skill.
So the real issue that the originator of the article should think about here is how they see the world and whether they can deal with, or even prefer, a gray world...
"I mean, if some business that I slighted in China brings a lawsuit against me, I'm not going to fly half-way across the world to defend myself."
While I am most certainly not a lawyer I do know of a certain situation where you would not only fly to be in court, you would hire the best legal rep at your destination you can find and do it as fast as possible.
In the US, even if you are a business that is registered and exists solely in a foreign country, you can be subject to a "summary judgment" if you do not show up for court. This may not mean anything to your company if it does not have a market in the US, but if you do, the court could terminate your ability to sell your products and/or services here, impose fines, etc.
If your major market IS in the US, then your company could potentially be litigated into bankruptcy whether you agree with the jurisdictional issue(s) or not...
"Do you realize that most spammers completely ignore all laws? You are suggesting the equivalent of a homeowner negotiating with a burglar to limit the amount they steal."
You misunderstand the point I am trying to make. Yes of course I recognize and know very well that spammers are by definition ignoring these laws where they exist.
Where the communication becomes effective is when the industry creates standards of detection/blocking, defends their standards vigorously, and then forces the spammers to seek a more acceptable method of doing business. Without some form of good faith debate/discussion between the community, the advertisers, and the antispam industry, what hope is there that these standards will be set, much less agreed upon globally?
All spam is not advertising and all advertising is not spam but almost all of it is... Don't you think the time has come to lay all the cards on the table and end this debate once and for all?
"There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement..."
Actually it will turn out to be the exact opposite. Once the program is in the wild and the black hats get their hands on it, both the AV and AS vendors will have no other choice than to add it to their detections.
Regardless of whether the detection is for the original Trojan or not, any subsequent black hat variations found would be added and the original would in all likelihood be flagged due to the particular (add your own term here) scanning technology.
"Since they have taken the role of deciding who is spamming and who isn't, I think they could use more accountability than what I find indicated on their website"
Accountability certainly, but transparency would help to resolve these issues. The Antispyware industry tackled this by creating and then supporting systems/procedures that allow targeted application developers to appeal their inclusion in the AS's detection database, detection category (malicious, adware, Trojan, etc...), threat level, etc.
More importantly, a similar procedure could open up a line of communication between the "spammer" and the antispam provider that may allow the antispam provider to force positive change in the behavior of the advertiser.
Sample framework for a possible procedure:
1) Suspected/targeted advertiser contacts the Antispam solution provider with an appeal as to the detection and blocking of their commercial messages
2) Antispam provider then does a complete and DETAILED technical analysis and write-up/documentation of why the content is detected/blocked in a specified time period. This report is then supplied to the advertiser.
3) Based on the report generated in #2, the content detection is continued (I.E., there is ample and reproducible evidence that the advertiser is engaged in spam activities and the blocking is valid) or the detection is determined to be a false positive and the blocking is removed...
4) Given that the content is blocked due to valid and reproducible evidence, the Antispam provider will then have all the evidence they need to defend their position in court if need be.
If the security industry wants to provide the protection their customers require (hopefully this is the main motivation), then they have to also provide the means for positive change in advertising models.
Escalation without any means of relief/behavior modification is ultimately self-defeating...
How many more agencies have software like this?
Anyone have any info on how to detect/remove software like this?
I doubt you will get an accurate count. The more successful it is and the longer it remains out of the hands of researchers will determine how many actually adopt its use.
Detecting it with a scanner will be problematic as it is not something that would be released widely like "traditional" commercial/criminal Spyware. Targeted distribution over short periods of time makes discovery and analysis even harder.
The first piece of advice here would be to strongly recommend avoiding activities that put you at risk of being targeted by Law Enforcement... For those that may fall on the more paranoid side of the discussion however, imaging and boot-to-restore solutions may offer a means to ensure that your computer is clean. They will not detect or block the program from working, but they can help with the cleanup. Whether restoring an image every time you start your computer makes any practical sense is entirely up to you...
JMHO
Found a site with an article about this and it even has a picture...
http://www.stfc.ac.uk/KE/Ind/SubArrBH.aspx
Not goofy at all. Virtualization has benefits that traditional security can't offer and never will be able to offer.
A new/old method is to use Instant System Recovery (ISR) solutions. Though they require some adjustment in thinking and deployment, once set up you can get rid of any unwanted content (Malware certainly falls within this category) with a simple reboot of your computer.
The largest stumbling block to general acceptance of these solutions has been their complexity and cost. Things are changing however with the recent developments in what has been coined "Light Virtualization" solutions like the Returnil Virtual System (returnilsoftware (dot) com) that supports entering "shadow" mode without requiring a reboot of the computer.
Though ISR will not detect or block Malware it will ensure that the computer is clean after a restart and all System Partition changes are gone. No improper removals, missed detections, or left over junk to track down...
Though I disagree with Stewart's assessment that AV is a "waste of money" I agree that it has been ineffective as a front-line cure to the problem.
AVs are necessary if only to provide negative feedback on the effectiveness of your security configuration...
Mike
I think not as that has come to mean "making a copy" when you xerox something...
Well at least I can watch TV this weekend without having to watch any more of those annoying Vonage commercials...
through embarrassment!
While I believe in the rule of law, I also believe in applying that law with understanding and compassion so that the punishment is appropriate. For too long, our justice system has been used to make "points" rather than to actually dispense justice, especially when someone powerful (or some powerful organization) is caught with its hands in the stupidity jar
If Gary is going to have the book thrown at him, then everyone who had authority over the security policies for the network should also be subject to the same scrutiny by the public with appropriate punishment also applied to each one of them.
If we are going to live by the rule of law, then its damned time we started walking the walk
Besides the fact that this list is onerous to say the least, has anyone explored the implications for US citizens who work for foreign companies? The way the law is written could open the doors for abuse against US workers who may unwittingly violate the law by performing their duties. This is not just workers who are stationed in the US, but also those who work overseas. Could a US citizen be prosecuted in the US for doing his/her job while living in another country? At the very least, this could have a serious chilling effect on Job opportunities for US citizens around the world...
It is not as simple as you suggest. It is more about how the individual looks at, and understands the world. It has been my experience that the best Techies that have worked for me see the world in black and white. Dont misinterpret this as a bad thing; on the contrary, it is one of the (IMHO) most important aspects of a real Techie. The next aspect is their ability to focus exclusively on minute details that may have limited scope.
This takes a type of concentration that a good manager cannot afford, as it would mean that they are ignoring other issues that may be just as important. Additionally, a good manager needs a broad knowledge that is not necessarily deep, but sufficient for him/her to understand what their teams are doing and to communicate effectively with superiors, customers, and team members.
The focus that Techies have also tends to ill prepare them for dealing with complex social issues that a manager may have to navigate on a daily basis. To Techies, these are irrelevant and distracting. To a manager, this is a critical skill.
So the real issue that the originator of the article should think about here, is how they see the world and whether they can deal with, or even prefer a, gray world...
"I mean, if some business that I slighted in China brings a lawsuit against me, I'm not going to fly half-way across the world to defend myself."
While I am most certainly not a lawyer I do know of a certain situation where you would not only fly to be in court, you would hire the best legal rep at your destination you can find and do it as fast as possible.
In the US, even if you are a business that is registered and exists solely in a foreign country, you can be subject to a "summary judgment" if you do not show up for court. This may not mean anything to your company if it does not have a market in the US, but if you do, the court could terminate your ability to sell your products and/or services here, impose fines, etc.
If your major market IS in the US, then your company could potentially be litigated into bankruptcy whether you agree with the jurisdictional issue(s) or not...
"Do you realize that most spammers completely ignore all laws? You are suggesting the equivalent of a homeowner negotiating with a burglar to limit the amount they steal."
You misunderstand the point I am trying to make. Yes of course I recognize and know very well that spammers are by definition ignoring these laws where they exist.
Where the communication becomes effective is when the industry creates standards of detection/blocking, defends its standards vigorously, and then forces the spammers to seek a more acceptable method of doing business. Without some form of good faith debate/discussion between the community, the advertisers, and the antispam industry, what hope is there that these standards will be set, much less agreed upon globally?
All spam is not advertising and all advertising is not spam but almost all of it is... Don't you think the time has come to lay all the cards on the table and end this debate once and for all?
"There really are no good solutions for an anti-spyware vendor in this case, since detecting it could be considered as hindering law enforcement..."
Actually it will turn out to be the exact opposite. Once the program is in the wild and the black hats get their hands on it, both the AV and AS vendors will have no other choice than to add it to their detections.
Regardless of whether the detection is for the original Trojan or not, any subsequent black hat variations found would be added and the original would in all likelihood be flagged due to the particular (add your own term here) scanning technology.
"Since they have taken the role of deciding who is spamming and who isn't, I think they could use more accountability than what I find indicated on their website"
Accountability certainly, but transparency would help to resolve these issues. The Antispyware industry tackled this by creating and then supporting systems/procedures that allow targeted application developers to appeal their inclusion in the AS's detection database, detection category (malicious, adware, Trojan, etc...), threat level, etc.
More importantly, a similar procedure could open up a line of communication between the "spammer" and the antispam provider that may allow the antispam provider to force positive change in the behavior of the advertiser.
Sample framework for a possible procedure
1) Suspected/targeted advertiser contacts the Antispam solution provider with an appeal as to the detection and blocking of their commercial messages
2) Antispam provider then does a complete and DETAILED technical analysis and write-up/documentation of why the content is detected/blocked in a specified time period. This report is then supplied to the advertiser.
3) Based on the report generated in #2, the content detection is continued (i.e., there is ample and reproducible evidence that the advertiser is engaged in spam activities and the blocking is valid) or the detection is determined to be a false positive and the blocking is removed...
4) Given that the content is blocked due to valid and reproducible evidence, the Antispam provider will then have all the evidence they need to defend their position in court if need be
If the security industry wants to provide the protection their customers require (hopefully this is the main motivation), then they have to also provide the means for positive change in advertising models.
Escalation without any means of relief/behavior modification is ultimately self-defeating...