You probably have to type a password to perform actions as your normal user, unless you've disabled the login screen for your system. But if you do enter that root password, what exactly can you do that you couldn't do as your own user that actually matters? Sure, root can, e.g., inject drivers into the kernel, but that's just an intermediate step. The real damage is typically in running a keylogger, getting access to your online accounts, sending DDoS traffic for a botnet, etc. - all actions that can be done with just your non-root user.