Minor infections will become less common, as the attack surface area is reduced and mitigated over time. New APIs and interfaces will be created, creating N+1 standards, but they'll be more secure than the older ones they supersede. For example, Flash and ActiveX are slowly going away in favor of more secure alternatives. How many critical html5 vulnerabilities are found in your browser of choice compared to critical Flash/Java Web Client vulnerabilities? Open source is a big part of it, but security being baked into the design rather than being tacked-on after thousands of vulnerabilities have been written into legacy code is bigger.
On the downside, when you DO catch an infection, it'll be nasty. New methods for hiding in firmwares will require removing chips and re-flashing them, and unless open firmware takes off in a big way, in practice this will mean replacing hardware very carefully so it doesn't infect the new hardware. It will be virtually undetectable, and have countless methods for defeating airgapping, virtual machines, decompiling, reverse engineering, and antivirus software. So once your machine is owned, it'll really be owned.
The best thing that can be done is to systematically eliminate every motivation to deploy malware: make spam unprofitable, harden SCADA to eliminate sabotage, mature altcoins to not benefit from stolen processing cycles, and regulate online advertising so ad injection is pointless. Also, rework the protocols that allow DDOSing, and require actual two-factor authentication for financial websites/transactions. Eventually, I think malware will be rare/invisible enough that only computer scientists will know about it, ordinary users won't worry about it.