Abstract

Zyxel Networks commissioned Tolly to evaluate the anti-malware efficacy of the Zyxel USG FLEX H-Series versus the Ubiquiti Dream Machine. The main focus of the project was to compare how effectively these firewall and gateway platforms detected and blocked malware downloads, while also highlighting the broader security-service differences between Zyxel’s Unified Threat Management approach and Ubiquiti’s more limited feature set.  

The report tested two Zyxel models, the USG FLEX 500H and USG FLEX 100H, against the Ubiquiti Dream Machine Special Edition (UDM SE). Malware samples were hosted on a server and downloaded by a client via HTTP GET through the device under test. Tolly determined blocking success by reviewing device logs and by checking whether the downloaded files in the destination folder matched the original malware samples. If a file was partially downloaded or not downloaded at all, it was counted as blocked. Anti-malware efficacy was then calculated as the number of blocked malware samples divided by the total number of malware samples tested.  

Across 14 test dates from July 3 through July 16, 2025, Zyxel consistently delivered far stronger results than Ubiquiti. As shown in the results chart on page 1 and the detailed table on page 2, the Zyxel USG FLEX H-Series achieved more than 87% anti-malware efficacy on every test date, with an average of 91.6%. The Ubiquiti UDM SE averaged only 2% efficacy. In total, out of 6,426 malware samples tested, the Zyxel USG FLEX 500H blocked 5,886 samples and the Zyxel USG FLEX 100H blocked 5,902, while the UDM SE blocked only 131. The two Zyxel models produced nearly identical results throughout the evaluation.  

The report also emphasizes architectural differences between the products. Zyxel positions the USG FLEX H-Series as a UTM firewall family, where the Gold UTM License enables antivirus and anti-malware, sandboxing, intrusion detection, application control, content filtering, anti-spam, and other security services in a single appliance. By contrast, the Ubiquiti Dream Machine does not provide a complete UTM suite and, according to the report, lacks capabilities such as sandboxing and spam filtering. In the tested configuration, Zyxel appliances ran VuOS-fw builds from August 2025 with anti-malware enabled for all available file types, while the UDM SE ran UniFi OS 4.3.6 with CyberSecure by Proofpoint and Cloudflare plus intrusion prevention enabled. Overall, the report presents Zyxel USG FLEX H-Series as substantially more effective than the UDM SE for anti-malware detection and blocking in this test scenario.