1. 7

  2. 7

    Meanwhile if you’re looking for a Linux-based operating system that looks just like Windows 10, may I suggest Kali Linux.

    I haven’t used it myself, but from what I gather Kali is explicitly discouraged for Linux newcomers and/or general-purpose distro. See e.g. Why is Kali Linux so hard to set up? Why won’t people help me? and Should I Use Kali Linux?.

    1. 6

      Yep. This is absolutely not good advice, the maintainers even quote it here:

      should you use Kali as your daily driver, as the primary OS? It’s up to you. There wasn’t anything really stopping you before, we just don’t encourage it. We still don’t.

      I use Kali professionally for Penetration Testing and created the build pipeline for $COMPANY to roll out customized versions of Kali, spin up new instances every engagement, and have run it as host OS for years (even in the Backtrack days). If you don’t specifically need the security tooling, it’s entirely based off of Debian Testing and that should meet most of the needs Kali does.

      1. 1

        I would go a step farther and say it’s bad advice to tell someone to use pentesting tools from their daily driver OS.

        I wish I had specific findings in a form I could share, but some time back I got to help experiment with adversarial responses to probes from common penetration testing tools.

        The results weren’t pretty, and many tools need elevated permissions, so their failings were instantly magnified. (As an aside: because of this need for elevated permissions for some tools, the OS installs that host them tend to be less-than-hardened against privilege escalation attacks. So even those tools that don’t themselves need elevated permissions are usefully attacked.) Test tools tended to be less than robust against those who wanted to exploit the testers.

        I came away from the exercise convinced that these tools were best run on a short lived Kali instance that had no other data and no privileges anywhere.

        If someone wants to use Kali as a daily driver? Maybe that’s fine. You don’t need to log in as root anymore, and it’s just Debian testing anyway. I can’t swear today’s Kali is a soft target for privilege escalation. But if you’re using it for non-testing purposes, you shouldn’t run pentesting tools on it IMO. In which case why use Kali? Because you like its windows-alike skin? I bet that can be installed on a better general purpose system.

        That’s a lot of words to say that I am much more loudly in the “don’t use it for other things” camp than the Kali maintainers you linked.

      2. 2

        I can’t see why anyone would recommend a special-purpose distro as a Windows 10 alternative. Windows 12 Lite may really be one’s best bet if that’s what they want. ;)

      3. 2

        Seems more like a typo - they meant to call it “Linux” Lite (https://www.linuxliteos.com/) and ended up typing out “Windows” Lite.