Dancing pigs

In computer security, the dancing pigs problem (also known as the dancing bunnies problem) is a statement on user attitudes to computer security: that users primarily desire features without considering security, and so security must be designed in without the computer having to ask a technically ignorant user. The term has its origin in a remark by Edward Felten and Gary McGraw:

Bruce Schneier expands on this remark as follows:

If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet — he's going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: "The applet DANCING PIGS could contain malicious code that might do permanent damage to your computer, steal your life's savings, and impair your ability to have children," he'll click OK without even reading it. Thirty seconds later he won't even remember that the warning screen even existed.^[2]

The Mozilla Security Reviewers' Guide states:

Many of our potential users are inexperienced computer users, who do not understand the risks involved in using interactive Web content. This means we must rely on the user's judgement as little as possible. ^[3]

A widely-publicized 2009 paper ^[4] directly addresses the dancing pigs quotation and suggests that users' behavior is entirely rational:

While amusing, this is unfair: users are never offered security, either on its own or as an alternative to anything else. They are offered long, complex and growing sets of advice, mandates, policy updates and tips. These sometimes carry vague and tentative suggestions of reduced risk, never security.^[5]

Experimental support

One study of phishing found that people really do prefer dancing animals to security. The study showed participants a number of phishing sites, including one that copied the Bank of the West home page^[6]:

For many participants the "cute" design, the level of detail and the fact that the site does not ask for a great deal of information were the most convincing factors. Two participants mentioned the animated bear video that appears on the page, (e.g., "because that would take a lot of effort to copy"). Participants in general found this animation appealing and many reloaded the page just to see the animation again.

See also

• Trojan horse (computing)

References

External links

• Larry Osterman's WebLog : Beware of the dancing bunnies.
• HoneyMonkey Project

This computer security article is a stub. You can help Wikipedia by expanding it.v · Categories: Computer security Usability Computer security stubs Wikimedia Foundation. 2010. Игры ⚽ Нужна курсовая? Navin Nischol James Caleb Jackson Look at other dictionaries: Pigs in a Polka — is a one reel animated cartoon short subject in the Merrie Melodies series, produced in Technicolor and released to theatres on February 6, 1943 by Warner Bros. Pictures. It was produced by Leon Schlesinger and directed by Friz Freleng, with… …   Wikipedia Disco Pigs — Directed by Kirsten Sheridan Produced by Ed Guiney Written by Enda Walsh Starring Elaine Cassidy …   Wikipedia Marvin The Tap-Dancing Horse — is a Canadian animated television show produced by Nelvana. It tells the stories of a young horse named Marvin who is part of a carnival. Among the Executive Producers are Michael Paraskevas and Betty Paraskevas, creators of Maggie and the… …   Wikipedia Ian Rankin — en 2007 Autres noms Jack Harvey Activités écrivain Nais …   Wikipédia en Français List of Manning-Sanders tales by region — A region by region list of fairy and folk tales collected and retold by Ruth Manning Sanders (1895 1988). Regions (or cultural groups) are as listed by Manning Sanders in either the table of contents, the forewords or the introductions of her… …   Wikipedia Computer security — This article is about computer security through design and engineering. For computer security exploits and defenses, see computer insecurity. Computer security Secure operating systems Security architecture Security by design Secure coding …   Wikipedia Trojan horse (computing) — Beast, a Windows based backdoor Trojan horse A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but (perhaps in addition to the expected function) steals information or harms… …   Wikipedia Jug band — A jug band is a band employing a jug player and a mix of traditional and home made instruments. These home made instruments are ordinary objects adapted to or modified for making of sound, like the washtub bass, washboard, spoons, stovepipe and… …   Wikipedia Phishing — In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic… …   Wikipedia Ian Rankin — Infobox Writer name = Ian Rankin imagesize = caption = pseudonym = Jack Harvey birth date = birth date and age|1950|28|04|df=y birth place = Fife, Scotland death date = death place = occupation = Novelist nationality = Scottish period = 1986… …   Wikipedia 18+ © Academic, 2000-2024 Contact us: Technical Support, Advertising Dictionaries export, created on PHP, Joomla, Drupal, WordPress, MODx. Mark and share Search through all dictionaries Translate… Search Internet Share the article and excerpts Direct link … Do a right-click on the link above and select “Copy Link”