Dancing Pigs

Le cochon danseur

In computer security, the dancing pigs problem (also known as the dancing bunnies problem) is a statement on user attitudes to computer security: that users primarily desire features without considering security, and so security must be designed in without the computer having to ask a technically ignorant user.

The term has its origin in a remark by computer scientists Edward Felten and Gary McGraw: ‘Given a choice between dancing pigs and security, users will pick dancing pigs every time.’

Computer security expert Bruce Schneier expands on this remark as follows: ‘If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet — he’s going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: ‘The applet DANCING PIGS could contain malicious code that might do permanent damage to your computer, steal your life’s savings, and impair your ability to have children,’ he’ll click OK without even reading it. Thirty seconds later he won’t even remember that the warning screen even existed.’

The Mozilla ‘Security Reviewers’ Guide’ states: ‘Many of our potential users are inexperienced computer users, who do not understand the risks involved in using interactive Web content. This means we must rely on the user’s judgement as little as possible.’

A widely-publicized 2009 paper directly addresses the dancing pigs quotation and argues that users’ behavior is plausibly rational: ‘While amusing, this is unfair: users are never offered security, either on its own or as an alternative to anything else. They are offered long, complex and growing sets of advice, mandates, policy updates and tips. These sometimes carry vague and tentative suggestions of reduced risk, never security.’

One study of phishing found that people really do prefer dancing animals to security. The study showed participants a number of phishing sites, including one that copied the ‘Bank of the West’ home page: ‘For many participants the ‘cute’ design, the level of detail and the fact that the site does not ask for a great deal of information were the most convincing factors. Two participants mentioned the animated bear video that appears on the page, (e.g., ‘because that would take a lot of effort to copy’). Participants in general found this animation appealing and many reloaded the page just to see the animation again.

Tags:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.