Kali Linux is one of the most popular ethical hacking distros. Anyone who has ever used it has probably noticed its default root-user policy, which meant that we were always the "superuser" in this distribution: whatever we did, we did as root. Offensive Security explains all this in a post published on December 31st.
As they explain, a non-root model is needed because many users run Kali Linux as their main operating system. Not having to enter any password to perform our ethical hacking tasks is fine when we run the operating system from a Live CD / USB, but things change when the operating system is installed on our computer. For this reason, the change is necessary.
Kali Linux has introduced a security change due to its popularity
Many of those tools back then required root access to run or worked best when run as root. With this operating system running from a CD, never updating, and having many tools that needed root access to run, it was a simple decision to have an "all as root" security model. It made perfect sense for the time.
Kali Linux does not recommend replacing our preferred distribution, such as Ubuntu, Fedora or Arch Linux, with its operating system. It is the community that has come to see it as an option; Offensive Security has noticed this and has introduced the change to protect the users who are showing it that affection.
With this change, the next time a user installs Kali Linux they will have to complete the step that creates a username and password, as in most existing distributions. A small change, a big security improvement.
A great decision on the part of Offensive Security, since many users choose to install Kali Linux as the main distro on their computers; I have even considered it myself on several occasions. With this security enhancement, it may happen soon.
I don't see any sense in it. It is not a distro to be used as the main one. Users who do not know something this simple should not even try it, much less use it as the main distro.
Installing Kali as the main operating system is absurd unless you spend all day testing your home / office network.
Remember that Kali is nothing more than a Debian with the entire ecosystem for war, it is absurd to install it with the idea of "normal" use. That is, we can enjoy doing it freely.
It seems to me that it is something basic and elementary, if it is an operating system, it should be, and it is also a great security failure, it is supposed that delicate and high value things are being done. It would be talking about offensive security and the same tool is a filter or security factor, it would have to be the safest even in live usb. I know that the most cucumber is supposed to be the maximum of computing the magicians' tool simply has to be the best operating system haha ... Thank you very much for everything you do for a better world and the opportunities and possibilities it offers, to the developer community… Great, gentlemen, thank you very much