Setting up internet access rules is a bit more tricky than ZA.
When I tried ZA it asked me which applications I wanted to allow to access the internet, and the information the pop-ups gave made it easy to understand whether to do so or not.
I took ZA to Shield Up! after installation and it passed first time.
When I tried Kerio, it started asking me whether I wanted to allow connections from the internet to certain applications. The applications looked legit so I clicked yes. When it took Kerio to Shield Up!, it failed. I had to go back and change all the internet in rules to ask. I tried Shield Up again and denied any request to connect from the internet. This time Kerio passed.
After that I had one request to allow a connection to MSN when downloading a file, which I allowed, plus some mysterious requests for connection which I denied. Like yourself, I now have internet in set to deny for everything that has no need to accept connections, and I've had no more mysterious connection requests.
For a complete computer novice, I think Kerio would be the wrong choice, except in simple mode (which has no connection pop-ups,) because it's too easy to make mistakes like this.
Of course these internet application rules are really simple compared to advanced packet filter rules. My posting of the empty rule box shows you don't need to create any firewall rules, as opposed to connection rules.