I constantly think that it's possible to make a completely secure computer system that has no exploits, but then I think maybe there isn't...

Would it be possible to make it impossible to break into a computer system?
Why?
What's your reasoning?

That depends, do I have physical access to the box? Then no. I can always insert a disk, memory stick, new hard drive, etc. and run my own program bypassing any security you put in place.

So lets say you restrict my access. What are you going to build your computer system on? Windows, linux, mac, solaris? Any system you pick is bound to have vulnerabilities of its own. Every feature that something supports; is an increased attack area for a hacker to penatrate. People who are serious about security will turn off every un-needed feature because they all represent security vulnerabilities to them.

Finally the last thing to make things insecure is the human element. The humans using the computer system have some very real limitations. How complicated of a password can you remember? Ever use your password in more than two places (or one similar)? I knew some people who got payed to hack into banks so the bank could better secure their network. In one of their attacks they were able to break something like 25% of the accounts they tried by simply using the pin 1111. Dispite banks warning their customers not to use such a weak pin number doens't mean people wont. I wish I could refind the paper I found on the actual security of a 4 digit pin. Effectively what it said, was that instead of the pin strength being 10^4; it is much much lower because not all combinations are used. People tend to use patterns such as how it is layed out on the number pad or dates.

This actually brings up something else to consider. As you become more secure, the usability of the system becomes less. Lets say for example I am super paranoid so I make the following policy: When the computer is turned off, the hard drive shall be pulled and put into a safe with a guard checking it at regular intervals. The computer shall have no thumb drives, network connections, cdrom, etc. When using the computer, the user shall inspect the system. This proably represents the most secure computer system you can get without actually throwing the computer in the deepest part of the ocean. However what a PAIN! Further, it takes some super attention to detail to make sure a hacker doesn't modify the case or something like that.

In essance as you can see from my last paragraph I don't believe you can have a completely secure computer system. However, you can perform risk management based on the value of the data on the system. The more valuable the data is if compromised; the more (active) security you need to have in place.

Well said Salindor

Security comes at a price.

Aet