I'm not the kind of parent who reads their kid's messages. My 14-year-old son has his own life, his conversations with friends, his projects. I respect that. He wasn't the one I was trying to protect him from — I was trying to protect him from everything else.
When he got his MacBook for school, a question lodged itself in the back of my mind: what if an app he downloaded — a game, a mod, some random tool — had access to his camera without him knowing? What if someone, somewhere, was watching through his laptop camera while he did his homework?
That's what I wanted to monitor. Not my son. The apps.
The Difference Between Parental Control and Parental Protection
There are dozens of "parental control" tools on the market. They log visited websites, read messages, track screen time. Your child knows it's there. They feel surveilled. And one way or another, it damages the relationship.
What I was looking for was different: knowing what apps were doing to my son, not what my son was doing with his Mac. That's not parental control. That's parental protection.
I installed Maclaw on my son's Mac. The app monitors access to system resources — camera, microphone, location — and sends me Telegram alerts whenever something happens. My son knows the app is there. We talked about it. He understands I'm not watching him.
[PHOTO] Suggestion: Maclaw interface on Mac showing the monitoring dashboard with recent access log — or screenshot of the Maclaw menu bar icon with "All clear" status
The First Few Weeks: Everything Normal
The first alerts I received were completely normal. And that was exactly what I wanted — to understand baseline behavior so I could recognize something unusual.
Tuesday 4:02 PM — ⚠️ Camera accessed — OBS Studio
Tuesday 4:03 PM — ⚠️ Microphone accessed — OBS Studio
Tuesday 8:15 PM — ✅ All clear
OBS Studio. That's the software he uses to record his YouTube videos. I already knew about it. Nothing alarming. I texted him: "Saw you were filming today — what's the video about?" We chatted for five minutes. No tension. He knew Maclaw had logged the camera access, and it was fine.
Weeks of that. Discord, Chrome, Zoom for online classes. All recognizable, all logical. I'd almost stopped checking the alerts regularly.
Wednesday Night at 11:12 PM
My son was asleep. I was reading in the living room when my phone buzzed.
Wednesday 11:14 PM — ⚠️ Microphone accessed — helper_service
Wednesday 11:19 PM — ⚠️ Network: outbound connection — 185.220.x.x
Three alerts in seven minutes. After 11 PM. From my son's Mac, sitting on his desk in his room. And the process name: helper_service.
I didn't recognize that app. I'd never seen that name in the regular alerts. I Googled it. No legitimate app simply calls itself helper_service. That's exactly the kind of generic name malware uses to blend in with system processes and avoid detection.
What We Found
The next morning, I asked my son what he'd installed recently. After a moment's hesitation, he mentioned a "mod" for one of his games — downloaded from a forum, not from an official source.
We opened the Mac together. In Activity Monitor, helper_service was running in the background at startup. Digging deeper, we found the file came from the mod's installation folder. It had been designed to launch silently with the Mac and maintain an outbound network connection.
[PHOTO] Suggestion: macOS Activity Monitor showing a suspicious background process — or System Settings → General → Login Items with the unknown process listed
What this process was doing: camera access, microphone access, outbound network connection to an external IP address. Combined, triggered at 11 PM when no one is using the computer — this is classic RAT (Remote Access Trojan) behavior, bundled inside pirated software.
We deleted the mod, removed the process from startup items, and changed all passwords. I then reviewed three weeks of network history through Maclaw — the process had activated multiple times during the night, always between 10 PM and 2 AM.
How to Respond If This Happens to You
If you see a Maclaw alert with a process name you don't recognize — especially at night — here's what to do:
1. Identify the process
Open Activity Monitor (Applications → Utilities → Activity Monitor). Find the process name. Note its PID and the location of its executable (double-click the process → "Open Files and Ports" tab).
2. Check login items
System Settings → General → Login Items. If the suspicious process appears in the list, uncheck and delete it.
3. Find and remove the source file
Activity Monitor shows which folder the process is running from. Navigate to that folder in Finder and delete the executable (and the parent folder if it's pirated software).
4. Cut network access immediately if needed
From Maclaw via Telegram, you can block outbound network connections for a specific app in real time. Useful if you want to cut access while you investigate.
5. Change passwords for accounts used on this machine
Assume that if a process had camera, mic, and network access for multiple nights, data may have been transmitted. Prioritize changing passwords.
[PHOTO] Suggestion: macOS Activity Monitor, Network tab, showing outbound connections from a process — annotated screenshot highlighting the key columns to check
The Conversation I Had With My Son
I didn't yell. I didn't take away the Mac. I calmly explained what had happened: by downloading a mod from an unofficial forum, he'd unknowingly installed software that was activating his camera at night while he slept.
He was shaken. But it wasn't his fault — this kind of software is designed exactly for that, to look like something normal. He had no way to know.
What this experience taught both of us is that the threat doesn't always come from someone you know. It can come from a file downloaded in two seconds from a gaming forum.
The distinction that matters: I wasn't monitoring what my son was doing. I was monitoring what apps were doing to my son. That's not the same thing. And that Wednesday night proved it was the right approach.
What I Check Every Week Now
Since the incident, I've set up Maclaw to give me a weekly summary. Every Sunday morning, I get a report: which apps accessed the camera, microphone, location, and how many times. In under two minutes, I know whether everything is normal or if something deserves attention.
It's not surveillance. It's peace of mind. And sometimes — like that Wednesday night at 11:12 PM — it's also active protection.
Protect Your Child's Mac — Without Spying on Them
Maclaw monitors apps, not your child's activity. You get an alert if something unexpected accesses the camera or microphone — even at night, even in the background. All data stays local on the Mac. Free to start.
Protect My Child's Mac