In their talk at Black Hat, R^2: The Exponential Growth of Rootkit Techniques, security researchers Jamie Butler and William Arbaugh laid out a beginner's course on rootkits to kick off a day of programming around that topic. Butler and Arbaugh covered the history of rootkits, dating the awareness of the concept, which they define as any software that hides its operation from the system kernel, administrator, and security software, back to Clifford Stoll's bestselling book, The Cuckoo's Egg, in the late 1980s. Over the next 20 years, rootkits remained a quiet element in the security field, mostly affecting enterprise networks and mostly seen in user applications. Recently, however the controversy around Sony's use of a rootkit last year brought rootkits back into the news. That's bad, the researchers say. The heightened awareness and the fact that most security software can't accurately detect rootkits got spyware companies interested in using the technology to hide their keystroke loggers and other malware from users and security software alike. The researchers have dubbed this new convergence rootware. They noted that rootkits do have good uses as well as bad, making detection and remediation difficult. They cited the similarity between ZoneAlarm and the UAY rootkit from China that uses many of the same processes as ZoneAlarm, which offers kernel-based firewall protection.